/**
 *
 */
import OpenApi;
import OpenApi.OpenApiUtil;

extends OpenApi;


init(config: OpenApiUtil.Config){
  super(config);
  @endpointRule = '';
  
  checkConfig(config);
  @endpoint = getEndpoint('eiam', @regionId, @endpointRule, @network, @suffix, @endpointMap, @endpoint);
}

function getEndpoint(productId: string, regionId: string, endpointRule: string, network: string, suffix: string, endpointMap: map[string]string, endpoint: string) throws: string{
  if (!$isNull(endpoint)) {
    return endpoint;
  }
  
  if (!$isNull(endpointMap) && !$isNull(endpointMap[regionId])) {
    return endpointMap[regionId];
  }
  return OpenApiUtil.getEndpointRules(productId, regionId, endpointRule, network, suffix);
}

model AddUserToOrganizationalUnitsRequest {
  instanceId?: string(name='InstanceId', description='The instance ID.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
  organizationalUnitIds?: [ string ](name='OrganizationalUnitIds', description='The organization IDs. You can add an account to a maximum of 100 organizations.

This parameter is required.'),
  userId?: string(name='UserId', description='The account ID.

This parameter is required.', example='user_d6sbsuumeta4h66ec3il7yxxxx'),
}

model AddUserToOrganizationalUnitsResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model AddUserToOrganizationalUnitsResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: AddUserToOrganizationalUnitsResponseBody(name='body'),
}

/**
 * @summary Adds an Employee Identity and Access Management (EIAM) account to multiple EIAM organizations of Identity as a Service (IDaaS). If the account already exists in the organizational unit, the system directly returns a success response.
 *
 * @param request AddUserToOrganizationalUnitsRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return AddUserToOrganizationalUnitsResponse
 */
async function addUserToOrganizationalUnitsWithOptions(request: AddUserToOrganizationalUnitsRequest, runtime: $RuntimeOptions): AddUserToOrganizationalUnitsResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  if (!$isNull(request.organizationalUnitIds)) {
    query['OrganizationalUnitIds'] = request.organizationalUnitIds;
  }
  if (!$isNull(request.userId)) {
    query['UserId'] = request.userId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'AddUserToOrganizationalUnits',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Adds an Employee Identity and Access Management (EIAM) account to multiple EIAM organizations of Identity as a Service (IDaaS). If the account already exists in the organizational unit, the system directly returns a success response.
 *
 * @param request AddUserToOrganizationalUnitsRequest
 * @return AddUserToOrganizationalUnitsResponse
 */
async function addUserToOrganizationalUnits(request: AddUserToOrganizationalUnitsRequest): AddUserToOrganizationalUnitsResponse {
  var runtime = new $RuntimeOptions{};
  return addUserToOrganizationalUnitsWithOptions(request, runtime);
}

model AddUsersToGroupRequest {
  groupId?: string(name='GroupId', description='The group ID.

This parameter is required.', example='group_d6sbsuumeta4h66ec3il7yxxxx'),
  instanceId?: string(name='InstanceId', description='The instance ID.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
  userIds?: [ string ](name='UserIds', description='The account IDs.

This parameter is required.', example='[ou_001]'),
}

model AddUsersToGroupResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model AddUsersToGroupResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: AddUsersToGroupResponseBody(name='body'),
}

/**
 * @summary Adds Employee Identity and Access Management (EIAM) accounts to an EIAM group of Identity as a Service (IDaaS).
 *
 * @param request AddUsersToGroupRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return AddUsersToGroupResponse
 */
async function addUsersToGroupWithOptions(request: AddUsersToGroupRequest, runtime: $RuntimeOptions): AddUsersToGroupResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.groupId)) {
    query['GroupId'] = request.groupId;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  if (!$isNull(request.userIds)) {
    query['UserIds'] = request.userIds;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'AddUsersToGroup',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Adds Employee Identity and Access Management (EIAM) accounts to an EIAM group of Identity as a Service (IDaaS).
 *
 * @param request AddUsersToGroupRequest
 * @return AddUsersToGroupResponse
 */
async function addUsersToGroup(request: AddUsersToGroupRequest): AddUsersToGroupResponse {
  var runtime = new $RuntimeOptions{};
  return addUsersToGroupWithOptions(request, runtime);
}

model AuthorizeApplicationToGroupsRequest {
  applicationId?: string(name='ApplicationId', description='The application ID.

This parameter is required.', example='app_mkv7rgt4d7i4u7zqtzev2mxxxx'),
  groupIds?: [ string ](name='GroupIds', description='The group IDs. You can specify up to 100 group IDs at a time.

This parameter is required.', example='group_miu8e4t4d7i4u7uwezgr54xxxx'),
  instanceId?: string(name='InstanceId', description='The instance ID.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk2676xxxx'),
}

model AuthorizeApplicationToGroupsResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model AuthorizeApplicationToGroupsResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: AuthorizeApplicationToGroupsResponseBody(name='body'),
}

/**
 * @summary Grants the permissions to access an application to multiple account groups at a time in Identity as a Service (IDaaS) Employee Identity and Access Management (EIAM).
 *
 * @param request AuthorizeApplicationToGroupsRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return AuthorizeApplicationToGroupsResponse
 */
async function authorizeApplicationToGroupsWithOptions(request: AuthorizeApplicationToGroupsRequest, runtime: $RuntimeOptions): AuthorizeApplicationToGroupsResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.applicationId)) {
    query['ApplicationId'] = request.applicationId;
  }
  if (!$isNull(request.groupIds)) {
    query['GroupIds'] = request.groupIds;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'AuthorizeApplicationToGroups',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Grants the permissions to access an application to multiple account groups at a time in Identity as a Service (IDaaS) Employee Identity and Access Management (EIAM).
 *
 * @param request AuthorizeApplicationToGroupsRequest
 * @return AuthorizeApplicationToGroupsResponse
 */
async function authorizeApplicationToGroups(request: AuthorizeApplicationToGroupsRequest): AuthorizeApplicationToGroupsResponse {
  var runtime = new $RuntimeOptions{};
  return authorizeApplicationToGroupsWithOptions(request, runtime);
}

model AuthorizeApplicationToOrganizationalUnitsRequest {
  applicationId?: string(name='ApplicationId', description='The ID of the application on which you want to grant permissions.

This parameter is required.', example='app_mkv7rgt4d7i4u7zqtzev2mxxxx'),
  instanceId?: string(name='InstanceId', description='The ID of the instance.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk2676xxxx'),
  organizationalUnitIds?: [ string ](name='OrganizationalUnitIds', description='The IDs of the organizations to which you want to grant permissions. You can grant permissions to a maximum of 100 organizations at a time.

This parameter is required.', example='ou_wovwffm62xifdziem7an7xxxxx'),
}

model AuthorizeApplicationToOrganizationalUnitsResponseBody = {
  requestId?: string(name='RequestId', description='The ID of the request.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model AuthorizeApplicationToOrganizationalUnitsResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: AuthorizeApplicationToOrganizationalUnitsResponseBody(name='body'),
}

/**
 * @summary Grants the access permissions on an application to multiple Employee Identity and Access Management (EIAM) organizations at a time.
 *
 * @param request AuthorizeApplicationToOrganizationalUnitsRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return AuthorizeApplicationToOrganizationalUnitsResponse
 */
async function authorizeApplicationToOrganizationalUnitsWithOptions(request: AuthorizeApplicationToOrganizationalUnitsRequest, runtime: $RuntimeOptions): AuthorizeApplicationToOrganizationalUnitsResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.applicationId)) {
    query['ApplicationId'] = request.applicationId;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  if (!$isNull(request.organizationalUnitIds)) {
    query['OrganizationalUnitIds'] = request.organizationalUnitIds;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'AuthorizeApplicationToOrganizationalUnits',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Grants the access permissions on an application to multiple Employee Identity and Access Management (EIAM) organizations at a time.
 *
 * @param request AuthorizeApplicationToOrganizationalUnitsRequest
 * @return AuthorizeApplicationToOrganizationalUnitsResponse
 */
async function authorizeApplicationToOrganizationalUnits(request: AuthorizeApplicationToOrganizationalUnitsRequest): AuthorizeApplicationToOrganizationalUnitsResponse {
  var runtime = new $RuntimeOptions{};
  return authorizeApplicationToOrganizationalUnitsWithOptions(request, runtime);
}

model AuthorizeApplicationToUsersRequest {
  applicationId?: string(name='ApplicationId', description='The ID of the application on which you want to grant permissions.

This parameter is required.', example='app_mkv7rgt4d7i4u7zqtzev2mxxxx'),
  instanceId?: string(name='InstanceId', description='The ID of the instance.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk2676xxxx'),
  userIds?: [ string ](name='UserIds', description='The IDs of the accounts to which you want to grant permissions. You can grant permissions to a maximum of 100 accounts at a time.

This parameter is required.', example='user_d6sbsuumeta4h66ec3il7yxxxx'),
}

model AuthorizeApplicationToUsersResponseBody = {
  requestId?: string(name='RequestId', description='The ID of the request.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model AuthorizeApplicationToUsersResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: AuthorizeApplicationToUsersResponseBody(name='body'),
}

/**
 * @summary Grants the access permissions on an application to multiple Employee Identity and Access Management (EIAM) accounts at a time.
 *
 * @param request AuthorizeApplicationToUsersRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return AuthorizeApplicationToUsersResponse
 */
async function authorizeApplicationToUsersWithOptions(request: AuthorizeApplicationToUsersRequest, runtime: $RuntimeOptions): AuthorizeApplicationToUsersResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.applicationId)) {
    query['ApplicationId'] = request.applicationId;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  if (!$isNull(request.userIds)) {
    query['UserIds'] = request.userIds;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'AuthorizeApplicationToUsers',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Grants the access permissions on an application to multiple Employee Identity and Access Management (EIAM) accounts at a time.
 *
 * @param request AuthorizeApplicationToUsersRequest
 * @return AuthorizeApplicationToUsersResponse
 */
async function authorizeApplicationToUsers(request: AuthorizeApplicationToUsersRequest): AuthorizeApplicationToUsersResponse {
  var runtime = new $RuntimeOptions{};
  return authorizeApplicationToUsersWithOptions(request, runtime);
}

model CreateApplicationRequest {
  applicationName?: string(name='ApplicationName', description='The name of the application.

This parameter is required.', example='Ram Account SSO'),
  applicationSourceType?: string(name='ApplicationSourceType', description='The type of the application source. Valid values:

*   urn:alibaba:idaas:app:source:template: application template
*   urn:alibaba:idaas:app:source:standard: standard protocol

This parameter is required.', example='urn:alibaba:idaas:app:source:standard'),
  applicationTemplateId?: string(name='ApplicationTemplateId', description='The ID of the application template. This parameter is required if you set the ApplicationSourceType parameter to urn:alibaba:idaas:app:source:template.', example='template_cloud_ram'),
  description?: string(name='Description', description='The description of the application.', example='RAM user SSO application'),
  instanceId?: string(name='InstanceId', description='The ID of the instance.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk2676xxxx'),
  logoUrl?: string(name='LogoUrl', description='The URL of the application logo.', example='https://oss.cn-hangzhou.aliyuncs.com/logo.png'),
  ssoType?: string(name='SsoType', description='The SSO protocol. Valid values:

*   saml2: the SAML 2.0 protocol.
*   oidc: the OpenID Connect protocol.

This parameter is required.', example='saml2'),
}

model CreateApplicationResponseBody = {
  applicationId?: string(name='ApplicationId', description='The ID of the application.', example='app_mkv7rgt4d7i4u7zqtzev2mnkom'),
  requestId?: string(name='RequestId', description='The ID of the request.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model CreateApplicationResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: CreateApplicationResponseBody(name='body'),
}

/**
 * @summary Adds an application to an Enterprise Identity Access Management (EIAM) instance of Identity as a Service (IDaaS).
 *
 * @description IDaaS EIAM supports the following two standard single sign-on (SSO) protocols for adding applications: SAML 2.0 and OIDC. You can select an SSO protocol based on your business requirements when you add an application. You cannot change the SSO protocol that you selected after the application is added.
 *
 * @param request CreateApplicationRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return CreateApplicationResponse
 */
async function createApplicationWithOptions(request: CreateApplicationRequest, runtime: $RuntimeOptions): CreateApplicationResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.applicationName)) {
    query['ApplicationName'] = request.applicationName;
  }
  if (!$isNull(request.applicationSourceType)) {
    query['ApplicationSourceType'] = request.applicationSourceType;
  }
  if (!$isNull(request.applicationTemplateId)) {
    query['ApplicationTemplateId'] = request.applicationTemplateId;
  }
  if (!$isNull(request.description)) {
    query['Description'] = request.description;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  if (!$isNull(request.logoUrl)) {
    query['LogoUrl'] = request.logoUrl;
  }
  if (!$isNull(request.ssoType)) {
    query['SsoType'] = request.ssoType;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'CreateApplication',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Adds an application to an Enterprise Identity Access Management (EIAM) instance of Identity as a Service (IDaaS).
 *
 * @description IDaaS EIAM supports the following two standard single sign-on (SSO) protocols for adding applications: SAML 2.0 and OIDC. You can select an SSO protocol based on your business requirements when you add an application. You cannot change the SSO protocol that you selected after the application is added.
 *
 * @param request CreateApplicationRequest
 * @return CreateApplicationResponse
 */
async function createApplication(request: CreateApplicationRequest): CreateApplicationResponse {
  var runtime = new $RuntimeOptions{};
  return createApplicationWithOptions(request, runtime);
}

model CreateApplicationClientSecretRequest {
  applicationId?: string(name='ApplicationId', description='The ID of the application for which you want to create a client key.

This parameter is required.', example='app_mkv7rgt4d7i4u7zqtzev2mxxxx'),
  instanceId?: string(name='InstanceId', description='The ID of the instance.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
}

model CreateApplicationClientSecretResponseBody = {
  applicationClientSecret?: {
    clientId?: string(name='ClientId', description='The client ID of the application.', example='app_mkv7rgt4d7i4u7zqtzev2mxxxx'),
    clientSecret?: string(name='ClientSecret', description='The client key secret of the application.', example='CSEHDcHcrUKHw1CuxkJEHPveWRXBGqVqRsxxxx'),
    secretId?: string(name='SecretId', description='The client key ID of the application.', example='sci_k52x2ru63rlkflina5utgkxxxx'),
  }(name='ApplicationClientSecret', description='The information about the client key.'),
  requestId?: string(name='RequestId', description='The ID of the request.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model CreateApplicationClientSecretResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: CreateApplicationClientSecretResponseBody(name='body'),
}

/**
 * @summary Creates a client key for an Employee Identity and Access Management (EIAM) application. An EIAM application can have up to two client keys.
 *
 * @param request CreateApplicationClientSecretRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return CreateApplicationClientSecretResponse
 */
async function createApplicationClientSecretWithOptions(request: CreateApplicationClientSecretRequest, runtime: $RuntimeOptions): CreateApplicationClientSecretResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.applicationId)) {
    query['ApplicationId'] = request.applicationId;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'CreateApplicationClientSecret',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Creates a client key for an Employee Identity and Access Management (EIAM) application. An EIAM application can have up to two client keys.
 *
 * @param request CreateApplicationClientSecretRequest
 * @return CreateApplicationClientSecretResponse
 */
async function createApplicationClientSecret(request: CreateApplicationClientSecretRequest): CreateApplicationClientSecretResponse {
  var runtime = new $RuntimeOptions{};
  return createApplicationClientSecretWithOptions(request, runtime);
}

model CreateConditionalAccessPolicyRequest {
  clientToken?: string(name='ClientToken', description='Idempotent token.', example='client-token-example'),
  conditionalAccessPolicyName?: string(name='ConditionalAccessPolicyName', description='Conditional access policy name

This parameter is required.', example='My Conditional Access Policy'),
  conditionalAccessPolicyType?: string(name='ConditionalAccessPolicyType', description='Type of the conditional access policy, with the following options:

arn:alibaba:idaas:authn:access:policy:system: System policy.

This parameter is required.', example='arn:alibaba:idaas:authn:access:policy:system'),
  conditionsConfig?: {
    applications?: {
      excludeApplications?: [ string ](name='ExcludeApplications', description='Excluded applications'),
      includeApplications?: [ string ](name='IncludeApplications', description='Included applications'),
    }(name='Applications', description='Target applications for the conditional access policy'),
    networkZones?: {
      excludeNetworkZones?: [ string ](name='ExcludeNetworkZones', description='Excluded network zones'),
      includeNetworkZones?: [ string ](name='IncludeNetworkZones', description='Included network zones'),
    }(name='NetworkZones', description='Network zones for conditional access policy'),
    users?: {
      excludeGroups?: [ string ](name='ExcludeGroups', description='Excluded user groups'),
      excludeOrganizationalUnits?: [ string ](name='ExcludeOrganizationalUnits', description='Excluded organizations'),
      excludeUsers?: [ string ](name='ExcludeUsers', description='Excluded users'),
      includeGroups?: [ string ](name='IncludeGroups', description='Included user groups'),
      includeOrganizationalUnits?: [ string ](name='IncludeOrganizationalUnits', description='Included organizations'),
      includeUsers?: [ string ](name='IncludeUsers', description='Selected user'),
    }(name='Users', description='Target users of the conditional access policy'),
  }(name='ConditionsConfig', description='Condition content configuration for the conditional access policy'),
  decisionConfig?: {
    activeSessionReuseStatus?: string(name='ActiveSessionReuseStatus', description='Whether to enable session reuse', example='enabled'),
    effect?: string(name='Effect', description='Decision action for the conditional access policy, with the following options:

- allow: Allow.
- deny: Deny.', example='allow or deny'),
    mfaAuthenticationIntervalSeconds?: long(name='MfaAuthenticationIntervalSeconds', description='Re-authentication interval (in seconds) for the conditional access policy

- Maximum MFA re-authentication interval: 86400
- Minimum MFA re-authentication interval: 300', example='500'),
    mfaAuthenticationMethods?: [ string ](name='MfaAuthenticationMethods', description='Allowed MFA types for the conditional access policy, with the following options:
- ia_otp_sms: SMS verification code
- ia_otp_email: Email verification code
- ia_totp: OTP dynamic password
- ia_webauthn: WebAuthn'),
    mfaType?: string(name='MfaType', description='MFA type for the conditional access policy, with the following options:

- directly_access: Direct access
- mfa_required: MFA required', example='directly_access'),
  }(name='DecisionConfig', description='Action configuration for the conditional access policy'),
  decisionType?: string(name='DecisionType', description='Execution type of the conditional access policy, with the following options:

enforcement: Enforce the policy.

This parameter is required.', example='enforcement'),
  description?: string(name='Description', description='Description of the conditional access policy', example='Test Description'),
  evaluateAt?: string(name='EvaluateAt', description='Execution point of the conditional access policy, with the following options:

- arn:alibaba:idaas:authn:access:rule:eval_at:after_step1: Allow.

This parameter is required.', example='arn:alibaba:idaas:authn:access:rule:eval_at:after_step1'),
  instanceId?: string(name='InstanceId', description='Instance ID.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
  priority?: int32(name='Priority', description='Priority of the conditional access policy, lower values indicate higher priority
Minimum value: 1
Maximum value: 100', example='1'),
}

model CreateConditionalAccessPolicyResponseBody = {
  conditionalAccessPolicyId?: string(name='ConditionalAccessPolicyId', description='Conditional Access Policy ID', example='cp_xxxxx'),
  requestId?: string(name='RequestId', description='Request ID.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model CreateConditionalAccessPolicyResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: CreateConditionalAccessPolicyResponseBody(name='body'),
}

/**
 * @summary Create Conditional Access Policy
 *
 * @description Create Conditional Access Policy
 *
 * @param request CreateConditionalAccessPolicyRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return CreateConditionalAccessPolicyResponse
 */
async function createConditionalAccessPolicyWithOptions(request: CreateConditionalAccessPolicyRequest, runtime: $RuntimeOptions): CreateConditionalAccessPolicyResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.clientToken)) {
    query['ClientToken'] = request.clientToken;
  }
  if (!$isNull(request.conditionalAccessPolicyName)) {
    query['ConditionalAccessPolicyName'] = request.conditionalAccessPolicyName;
  }
  if (!$isNull(request.conditionalAccessPolicyType)) {
    query['ConditionalAccessPolicyType'] = request.conditionalAccessPolicyType;
  }
  if (!$isNull(request.conditionsConfig)) {
    query['ConditionsConfig'] = request.conditionsConfig;
  }
  if (!$isNull(request.decisionConfig)) {
    query['DecisionConfig'] = request.decisionConfig;
  }
  if (!$isNull(request.decisionType)) {
    query['DecisionType'] = request.decisionType;
  }
  if (!$isNull(request.description)) {
    query['Description'] = request.description;
  }
  if (!$isNull(request.evaluateAt)) {
    query['EvaluateAt'] = request.evaluateAt;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  if (!$isNull(request.priority)) {
    query['Priority'] = request.priority;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'CreateConditionalAccessPolicy',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Create Conditional Access Policy
 *
 * @description Create Conditional Access Policy
 *
 * @param request CreateConditionalAccessPolicyRequest
 * @return CreateConditionalAccessPolicyResponse
 */
async function createConditionalAccessPolicy(request: CreateConditionalAccessPolicyRequest): CreateConditionalAccessPolicyResponse {
  var runtime = new $RuntimeOptions{};
  return createConditionalAccessPolicyWithOptions(request, runtime);
}

model CreateDomainRequest {
  domain?: string(name='Domain', description='域名。最大长度限制255，格式由数字、字母、横线（-）点（.）组成;

This parameter is required.', example='www.example.com'),
  filing?: {
    icpNumber?: string(name='IcpNumber', description='域名关联的备案号，长度最大限制64。', example='浙xx-xxxxxx'),
  }(name='Filing', description='备案信息参数。'),
  instanceId?: string(name='InstanceId', description='IDaaS EIAM实例的ID。

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
}

model CreateDomainResponseBody = {
  domainId?: string(name='DomainId', example='dm_mtohn6mltdz3ibtly2rxvnvxxx'),
  requestId?: string(name='RequestId', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model CreateDomainResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: CreateDomainResponseBody(name='body'),
}

/**
 * @summary 创建域名。
 *
 * @param request CreateDomainRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return CreateDomainResponse
 */
async function createDomainWithOptions(request: CreateDomainRequest, runtime: $RuntimeOptions): CreateDomainResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.domain)) {
    query['Domain'] = request.domain;
  }
  if (!$isNull(request.filing)) {
    query['Filing'] = request.filing;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'CreateDomain',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary 创建域名。
 *
 * @param request CreateDomainRequest
 * @return CreateDomainResponse
 */
async function createDomain(request: CreateDomainRequest): CreateDomainResponse {
  var runtime = new $RuntimeOptions{};
  return createDomainWithOptions(request, runtime);
}

model CreateDomainProxyTokenRequest {
  domainId?: string(name='DomainId', description='域名ID。

This parameter is required.', example='dm_examplexxxxx'),
  instanceId?: string(name='InstanceId', description='IDaaS EIAM实例的ID。

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
}

model CreateDomainProxyTokenResponseBody = {
  domainProxyTokenId?: string(name='DomainProxyTokenId', example='pt_mtohn73423stghoivjmi4jwxxx'),
  requestId?: string(name='RequestId', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model CreateDomainProxyTokenResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: CreateDomainProxyTokenResponseBody(name='body'),
}

/**
 * @summary 创建域名代理Token。
 *
 * @param request CreateDomainProxyTokenRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return CreateDomainProxyTokenResponse
 */
async function createDomainProxyTokenWithOptions(request: CreateDomainProxyTokenRequest, runtime: $RuntimeOptions): CreateDomainProxyTokenResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.domainId)) {
    query['DomainId'] = request.domainId;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'CreateDomainProxyToken',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary 创建域名代理Token。
 *
 * @param request CreateDomainProxyTokenRequest
 * @return CreateDomainProxyTokenResponse
 */
async function createDomainProxyToken(request: CreateDomainProxyTokenRequest): CreateDomainProxyTokenResponse {
  var runtime = new $RuntimeOptions{};
  return createDomainProxyTokenWithOptions(request, runtime);
}

model CreateGroupRequest {
  description?: string(name='Description', description='The description of the group. The value can be up to 256 characters in length.', example='this is a test.'),
  groupExternalId?: string(name='GroupExternalId', description='The external ID of the group, which can be used to associate the group with an external system. By default, the external ID is the group ID. The value can be up to 64 characters in length.', example='group_d6sbsuumeta4h66ec3il7yxxxx'),
  groupName?: string(name='GroupName', description='The name of the group. The name can be up to 64 characters in length.

This parameter is required.', example='name_test'),
  instanceId?: string(name='InstanceId', description='The instance ID.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
}

model CreateGroupResponseBody = {
  groupId?: string(name='GroupId', description='The group ID.', example='group_d6sbsuumeta4h66ec3il7yxxxx'),
  requestId?: string(name='RequestId', description='The request ID.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model CreateGroupResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: CreateGroupResponseBody(name='body'),
}

/**
 * @summary Creates an account group in Identity as a Service (IDaaS) Employee Identity and Access Management (EIAM).
 *
 * @param request CreateGroupRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return CreateGroupResponse
 */
async function createGroupWithOptions(request: CreateGroupRequest, runtime: $RuntimeOptions): CreateGroupResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.description)) {
    query['Description'] = request.description;
  }
  if (!$isNull(request.groupExternalId)) {
    query['GroupExternalId'] = request.groupExternalId;
  }
  if (!$isNull(request.groupName)) {
    query['GroupName'] = request.groupName;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'CreateGroup',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Creates an account group in Identity as a Service (IDaaS) Employee Identity and Access Management (EIAM).
 *
 * @param request CreateGroupRequest
 * @return CreateGroupResponse
 */
async function createGroup(request: CreateGroupRequest): CreateGroupResponse {
  var runtime = new $RuntimeOptions{};
  return createGroupWithOptions(request, runtime);
}

model CreateIdentityProviderRequest {
  authnConfig?: {
    authnStatus?: string(name='AuthnStatus', description='对应IdP是否支持认证

This parameter is required.', example='enabled'),
    autoUpdatePasswordStatus?: string(name='AutoUpdatePasswordStatus', description='是否支持自动更新密码', example='enabled'),
  }(name='AuthnConfig', description='认证配置'),
  autoCreateUserConfig?: {
    autoCreateUserStatus?: string(name='AutoCreateUserStatus', description='自动创建账户是否开启', example='disabled'),
    targetOrganizationalUnitIds?: [ string ](name='TargetOrganizationalUnitIds'),
  }(name='AutoCreateUserConfig', description='自动创建账户账户规则配置。'),
  autoUpdateUserConfig?: {
    autoUpdateUserStatus?: string(name='AutoUpdateUserStatus', description='自动更新账户是否开启', example='disabled'),
  }(name='AutoUpdateUserConfig', description='自动更新账户规则配置。'),
  bindingConfig?: {
    autoMatchUserProfileExpressions?: [ 
      {
        expressionMappingType?: string(name='ExpressionMappingType', description='表达式的类型

This parameter is required.', example='filed'),
        sourceValueExpression?: string(name='SourceValueExpression', description='映射属性取值表达式

This parameter is required.', example='idpUser.phoneNumber'),
        targetField?: string(name='TargetField', description='映射目标属性名称

This parameter is required.', example='user.username'),
        targetFieldDescription?: string(name='TargetFieldDescription', description='映射目标属性名称'),
      }
    ](name='AutoMatchUserProfileExpressions', description='自动匹配账户的规则'),
    autoMatchUserStatus?: string(name='AutoMatchUserStatus', description='自动匹配账户是否开启', example='disabled'),
    mappingBindingStatus?: string(name='MappingBindingStatus', description='用户手动绑定账户功能是否开启', example='enabled'),
  }(name='BindingConfig', description='账户绑定规则配置。'),
  dingtalkAppConfig?: {
    appKey?: string(name='AppKey', description='钉钉一方应用的AppKey', example='Xczngvfemo4e'),
    appSecret?: string(name='AppSecret', description='钉钉一方应用的AppSecret', example='5d405a12a6f84ad4ab05ee09axxxx'),
    corpId?: string(name='CorpId', description='钉钉一方应用的corpId', example='3075680424786133505'),
    dingtalkVersion?: string(name='DingtalkVersion', description='钉钉版本', example='public_dingtalk'),
  }(name='DingtalkAppConfig', description='钉钉配置'),
  identityProviderName?: string(name='IdentityProviderName', description='身份提供方名称

This parameter is required.', example='test'),
  identityProviderType?: string(name='IdentityProviderType', description='身份提供发类型

This parameter is required.', example='urn:alibaba:idaas:idp:alibaba:dingtalk:push'),
  instanceId?: string(name='InstanceId', description='IDaaS EIAM实例的ID。

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
  larkConfig?: {
    appId?: string(name='AppId', example='cli_xxxx'),
    appSecret?: string(name='AppSecret', example='KiiLzh5Dueh4wbLxxxx'),
    encryptKey?: string(name='EncryptKey'),
    enterpriseNumber?: string(name='EnterpriseNumber', example='FSX123111xxx'),
    verificationToken?: string(name='VerificationToken'),
  }(name='LarkConfig', description='飞书配置'),
  ldapConfig?: {
    administratorPassword?: string(name='AdministratorPassword', description='管理员密码', example='xxxx'),
    administratorUsername?: string(name='AdministratorUsername', description='管理员账号', example='DC=example,DC=com'),
    certificateFingerprintStatus?: string(name='CertificateFingerprintStatus', description='是否验证指纹证书', example='enabled'),
    certificateFingerprints?: [ string ](name='CertificateFingerprints', description='证书指纹列表'),
    groupMemberAttributeName?: string(name='GroupMemberAttributeName', description='组成员标识', example='member'),
    groupObjectClass?: string(name='GroupObjectClass', description='组objectClass', example='group'),
    groupObjectClassCustomFilter?: string(name='GroupObjectClassCustomFilter', description='组自定义Filter', example='(|(cn=test)(group=test@test.com))'),
    ldapProtocol?: string(name='LdapProtocol', description='通信协议', example='ldap'),
    ldapServerHost?: string(name='LdapServerHost', description='ad/ldap 服务器地址', example='123.xx.xx.89'),
    ldapServerPort?: int32(name='LdapServerPort', description='端口号', example='636'),
    organizationUnitObjectClass?: string(name='OrganizationUnitObjectClass', description='组织objectClass', example='organizationUnit,top'),
    startTlsStatus?: string(name='StartTlsStatus', description='startTls是否开启', example='enabled'),
    userLoginIdentifier?: string(name='UserLoginIdentifier', description='用户登录标识', example='userPrincipalName, mail'),
    userObjectClass?: string(name='UserObjectClass', description='用户objectClass', example='person,user'),
    userObjectClassCustomFilter?: string(name='UserObjectClassCustomFilter', description='用户自定义Filter', example='(|(cn=test)(mail=test@test.com))'),
  }(name='LdapConfig', description='AD/LDAP配置'),
  logoUrl?: string(name='LogoUrl'),
  networkAccessEndpointId?: string(name='NetworkAccessEndpointId', description='网络端点ID', example='nae_examplexxxx'),
  oidcConfig?: {
    authnParam?: {
      authnMethod?: string(name='AuthnMethod', description='OIDC/oAuth2 认证方法。', example='client_secret_post'),
      clientId?: string(name='ClientId', description='OIDC/oAuth2 客户端ID。', example='mkv7rgt4d7i4u7zqtzev2mxxxx'),
      clientSecret?: string(name='ClientSecret', description='OIDC/oAuth2 客户端密钥。', example='CSEHDddddddxxxxuxkJEHPveWRXBGqVqRsxxxx'),
    }(name='AuthnParam', description='OIDC客户端认证配置。'),
    endpointConfig?: {
      authorizationEndpoint?: string(name='AuthorizationEndpoint', description='oAuth2 授权端点。', example='https://example.com/auth/authorize'),
      issuer?: string(name='Issuer', description='OIDC issuer信息。', example='https://example.com/auth'),
      jwksUri?: string(name='JwksUri', description='OIDC jwks地址。', example='https://example.com/auth/jwks'),
      tokenEndpoint?: string(name='TokenEndpoint', description='oAuth2 Token端点。', example='https://example.com/auth/token'),
      userinfoEndpoint?: string(name='UserinfoEndpoint', description='OIDC 用户信息端点。', example='https://example.com/auth/userinfo'),
    }(name='EndpointConfig', description='OIDC 端点配置。'),
    grantScopes?: [ string ](name='GrantScopes', description='OIDC标准参数，如profile、email等', example='openid'),
    grantType?: string(name='GrantType', description='OIDC授权类型。', example='authorization_code'),
    pkceChallengeMethod?: string(name='PkceChallengeMethod', description='支持的PKCE算法类型。', example='S256'),
    pkceRequired?: boolean(name='PkceRequired', description='AuthorizationCode授权模式下是否使用PKCE。', example='true'),
  }(name='OidcConfig', description='OIDC IdP配置。'),
  udPullConfig?: {
    groupSyncStatus?: string(name='GroupSyncStatus', description='是否支持组同步，默认为disabled', example='disabled'),
    incrementalCallbackStatus?: string(name='IncrementalCallbackStatus', description='增量回调状态，是否处理来自IdP的增量回调数据', example='disabled'),
    periodicSyncConfig?: {
      periodicSyncCron?: string(name='PeriodicSyncCron', example='0 45 1 * * ?'),
      periodicSyncTimes?: [ int32 ](name='PeriodicSyncTimes'),
      periodicSyncType?: string(name='PeriodicSyncType', example='cron'),
    }(name='PeriodicSyncConfig'),
    periodicSyncStatus?: string(name='PeriodicSyncStatus', example='disabled'),
    udSyncScopeConfig?: {
      sourceScopes?: [ string ](name='SourceScopes', description='同步来源节点'),
      targetScope?: string(name='TargetScope', description='同步目标节点', example='ou_lyhyy6p7yf7mdrdiq5xxxx'),
    }(name='UdSyncScopeConfig', description='同步入配置信息

This parameter is required.'),
  }(name='UdPullConfig', description='同步入配置'),
  udPushConfig?: {
    incrementalCallbackStatus?: string(name='IncrementalCallbackStatus', description='增量回调状态，是否处理来自IdP的增量回调数据', example='disabled'),
    periodicSyncStatus?: string(name='PeriodicSyncStatus', example='disabled'),
    udSyncScopeConfigs?: [ 
      {
        sourceScopes?: [ string ](name='SourceScopes', description='同步来源节点'),
        targetScope?: string(name='TargetScope', description='同步目标节点', example='ou_lyhyy6p7yf7mdrdiq5xxxx'),
      }
    ](name='UdSyncScopeConfigs', description='同步出配置信息'),
  }(name='UdPushConfig', description='同步出配置'),
  weComConfig?: {
    agentId?: string(name='AgentId', description='企业微信自建应用的Id', example='278231941749863339'),
    authorizeCallbackDomain?: string(name='AuthorizeCallbackDomain', description='授权回调域', example='https://xxx.aliyunidaas.com/xxxx'),
    corpId?: string(name='CorpId', description='企业微信自建应用的corpId', example='3756043633237690761'),
    corpSecret?: string(name='CorpSecret', description='企业微信自建应用的corpSecret', example='CSEHDddddddxxxxuxkJEHPveWRXBGqVqRsxxxx'),
    trustableDomain?: string(name='TrustableDomain', description='可信域名', example='https://xxx.aliyunidaas.com/'),
  }(name='WeComConfig', description='WeCom配置'),
}

model CreateIdentityProviderResponseBody = {
  identityProviderId?: string(name='IdentityProviderId', example='idp_mwpcwnhrimlr2horxXXXX'),
  requestId?: string(name='RequestId', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model CreateIdentityProviderResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: CreateIdentityProviderResponseBody(name='body'),
}

/**
 * @summary 创建身份提供方
 *
 * @param request CreateIdentityProviderRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return CreateIdentityProviderResponse
 */
async function createIdentityProviderWithOptions(request: CreateIdentityProviderRequest, runtime: $RuntimeOptions): CreateIdentityProviderResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.authnConfig)) {
    query['AuthnConfig'] = request.authnConfig;
  }
  if (!$isNull(request.autoCreateUserConfig)) {
    query['AutoCreateUserConfig'] = request.autoCreateUserConfig;
  }
  if (!$isNull(request.autoUpdateUserConfig)) {
    query['AutoUpdateUserConfig'] = request.autoUpdateUserConfig;
  }
  if (!$isNull(request.bindingConfig)) {
    query['BindingConfig'] = request.bindingConfig;
  }
  if (!$isNull(request.dingtalkAppConfig)) {
    query['DingtalkAppConfig'] = request.dingtalkAppConfig;
  }
  if (!$isNull(request.identityProviderName)) {
    query['IdentityProviderName'] = request.identityProviderName;
  }
  if (!$isNull(request.identityProviderType)) {
    query['IdentityProviderType'] = request.identityProviderType;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  if (!$isNull(request.larkConfig)) {
    query['LarkConfig'] = request.larkConfig;
  }
  if (!$isNull(request.ldapConfig)) {
    query['LdapConfig'] = request.ldapConfig;
  }
  if (!$isNull(request.logoUrl)) {
    query['LogoUrl'] = request.logoUrl;
  }
  if (!$isNull(request.networkAccessEndpointId)) {
    query['NetworkAccessEndpointId'] = request.networkAccessEndpointId;
  }
  if (!$isNull(request.oidcConfig)) {
    query['OidcConfig'] = request.oidcConfig;
  }
  if (!$isNull(request.udPullConfig)) {
    query['UdPullConfig'] = request.udPullConfig;
  }
  if (!$isNull(request.udPushConfig)) {
    query['UdPushConfig'] = request.udPushConfig;
  }
  if (!$isNull(request.weComConfig)) {
    query['WeComConfig'] = request.weComConfig;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'CreateIdentityProvider',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary 创建身份提供方
 *
 * @param request CreateIdentityProviderRequest
 * @return CreateIdentityProviderResponse
 */
async function createIdentityProvider(request: CreateIdentityProviderRequest): CreateIdentityProviderResponse {
  var runtime = new $RuntimeOptions{};
  return createIdentityProviderWithOptions(request, runtime);
}

model CreateInstanceRequest {
  description?: string(name='Description', description='The description of the instance. The description can be up to 128 characters in length.', example='instance_for_test'),
}

model CreateInstanceResponseBody = {
  instanceId?: string(name='InstanceId', description='The ID of the instance that is created.', example='idaas_wj5htncdvoc4q5xxxxxxxxx'),
  requestId?: string(name='RequestId', description='The request ID.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model CreateInstanceResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: CreateInstanceResponseBody(name='body'),
}

/**
 * @summary Creates an instance based on which all capabilities of Identity as a Service (IDaaS) Enterprise Identity and Access Management (EIAM) are provided.
 *
 * @param request CreateInstanceRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return CreateInstanceResponse
 */
async function createInstanceWithOptions(request: CreateInstanceRequest, runtime: $RuntimeOptions): CreateInstanceResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.description)) {
    query['Description'] = request.description;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'CreateInstance',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Creates an instance based on which all capabilities of Identity as a Service (IDaaS) Enterprise Identity and Access Management (EIAM) are provided.
 *
 * @param request CreateInstanceRequest
 * @return CreateInstanceResponse
 */
async function createInstance(request: CreateInstanceRequest): CreateInstanceResponse {
  var runtime = new $RuntimeOptions{};
  return createInstanceWithOptions(request, runtime);
}

model CreateNetworkAccessEndpointRequest {
  clientToken?: string(name='ClientToken', description='保证请求幂等性。从您的客户端生成一个参数值，确保不同请求间该参数值唯一。ClientToken只支持ASCII字符，且不能超过64个字符。', example='client-token-example'),
  instanceId?: string(name='InstanceId', description='IDaaS EIAM实例的ID。

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
  networkAccessEndpointName?: string(name='NetworkAccessEndpointName', description='专属网络端点名称。

This parameter is required.', example='xx业务VPC访问端点'),
  vSwitchIds?: [ string ](name='VSwitchIds', description='专属网络端点连接的指定vSwitch。', example='vsw-examplexxx'),
  vpcId?: string(name='VpcId', description='专属网络端点连接的VpcID。

This parameter is required.', example='vpc-examplexxx'),
  vpcRegionId?: string(name='VpcRegionId', description='专属网络端点连接的VpcID所属地域，该地域取值必须在ListNetworkAccessEndpointAvailableRegions接口中返回。

This parameter is required.', example='cn-hangzhou'),
}

model CreateNetworkAccessEndpointResponseBody = {
  networkAccessEndpointId?: string(name='NetworkAccessEndpointId', example='nae_examplexxxx'),
  requestId?: string(name='RequestId', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model CreateNetworkAccessEndpointResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: CreateNetworkAccessEndpointResponseBody(name='body'),
}

/**
 * @summary 创建一个专属网络端点。
 *
 * @param request CreateNetworkAccessEndpointRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return CreateNetworkAccessEndpointResponse
 */
async function createNetworkAccessEndpointWithOptions(request: CreateNetworkAccessEndpointRequest, runtime: $RuntimeOptions): CreateNetworkAccessEndpointResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.clientToken)) {
    query['ClientToken'] = request.clientToken;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  if (!$isNull(request.networkAccessEndpointName)) {
    query['NetworkAccessEndpointName'] = request.networkAccessEndpointName;
  }
  if (!$isNull(request.vSwitchIds)) {
    query['VSwitchIds'] = request.vSwitchIds;
  }
  if (!$isNull(request.vpcId)) {
    query['VpcId'] = request.vpcId;
  }
  if (!$isNull(request.vpcRegionId)) {
    query['VpcRegionId'] = request.vpcRegionId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'CreateNetworkAccessEndpoint',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary 创建一个专属网络端点。
 *
 * @param request CreateNetworkAccessEndpointRequest
 * @return CreateNetworkAccessEndpointResponse
 */
async function createNetworkAccessEndpoint(request: CreateNetworkAccessEndpointRequest): CreateNetworkAccessEndpointResponse {
  var runtime = new $RuntimeOptions{};
  return createNetworkAccessEndpointWithOptions(request, runtime);
}

model CreateOrganizationalUnitRequest {
  description?: string(name='Description', description='The description of the organization. The value can be up to 256 characters in length.', example='description'),
  instanceId?: string(name='InstanceId', description='The instance ID.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
  organizationalUnitExternalId?: string(name='OrganizationalUnitExternalId', description='The external ID of the organization, which can be used to associate the organization with an external system. By default, the external ID is the organization ID. The value can be up to 64 characters in length.', example='ou_wovwffm62xifdziem7an7xxxxx'),
  organizationalUnitName?: string(name='OrganizationalUnitName', description='The name of the organization. The name can be up to 64 characters in length.

This parameter is required.', example='test_ou_name'),
  parentId?: string(name='ParentId', description='The parent organization ID.

This parameter is required.', example='ou_wovwffm62xifdziem7an7xxxxx'),
}

model CreateOrganizationalUnitResponseBody = {
  organizationalUnitId?: string(name='OrganizationalUnitId', description='The organization ID.', example='ou_wovwffm62xifdziem7an7xxxxx'),
  requestId?: string(name='RequestId', description='The request ID.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model CreateOrganizationalUnitResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: CreateOrganizationalUnitResponseBody(name='body'),
}

/**
 * @summary Creates an organization in Identity as a Service (IDaaS) Employee Identity and Access Management (EIAM).
 *
 * @param request CreateOrganizationalUnitRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return CreateOrganizationalUnitResponse
 */
async function createOrganizationalUnitWithOptions(request: CreateOrganizationalUnitRequest, runtime: $RuntimeOptions): CreateOrganizationalUnitResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.description)) {
    query['Description'] = request.description;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  if (!$isNull(request.organizationalUnitExternalId)) {
    query['OrganizationalUnitExternalId'] = request.organizationalUnitExternalId;
  }
  if (!$isNull(request.organizationalUnitName)) {
    query['OrganizationalUnitName'] = request.organizationalUnitName;
  }
  if (!$isNull(request.parentId)) {
    query['ParentId'] = request.parentId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'CreateOrganizationalUnit',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Creates an organization in Identity as a Service (IDaaS) Employee Identity and Access Management (EIAM).
 *
 * @param request CreateOrganizationalUnitRequest
 * @return CreateOrganizationalUnitResponse
 */
async function createOrganizationalUnit(request: CreateOrganizationalUnitRequest): CreateOrganizationalUnitResponse {
  var runtime = new $RuntimeOptions{};
  return createOrganizationalUnitWithOptions(request, runtime);
}

model CreateUserRequest {
  customFields?: [ 
    {
      fieldName?: string(name='FieldName', description='The name of the extended field. You must create the extended field in advance. To create an extended field, log on to the IDaaS console. In the left-side navigation pane, choose Accounts > Extended Fields, and then click Create Field on the Extended Fields page.', example='age'),
      fieldValue?: string(name='FieldValue', description='The value of the extended field. The value follows the limits on the properties of the extended field.', example='10'),
    }
  ](name='CustomFields', description='The extended fields.', example='description'),
  description?: string(name='Description', description='The description of the organizational unit. The description can be up to 256 characters in length.', example='description text'),
  displayName?: string(name='DisplayName', description='The display name of the account. The display name can be up to 64 characters in length.', example='name_001'),
  email?: string(name='Email', description='The email address of the user who owns the account. The email address prefix can contain letters, digits, underscores (_), periods (.), and hyphens (-).', example='example@example.com'),
  emailVerified?: boolean(name='EmailVerified', description='Specifies whether the email address is a trusted email address. This parameter is required if the Email parameter is specified. If you have no special business requirements, set this parameter to true.', example='true'),
  instanceId?: string(name='InstanceId', description='The ID of the instance.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
  organizationalUnitIds?: [ string ](name='OrganizationalUnitIds', description='The IDs of organizational units to which the account belongs. An account can belong to multiple organizational units.'),
  password?: string(name='Password', description='The password of the account. For more information, view the password policy of the instance in the IDaaS console.', example='123456'),
  passwordInitializationConfig?: {
    passwordForcedUpdateStatus?: string(name='PasswordForcedUpdateStatus', description='Specifies whether to forcibly change the password status. Default value: disabled. Valid values:

*   enabled: forcibly changes the password status.
*   disabled: does not forcibly change the password status.', example='enabled'),
    passwordInitializationPolicyPriority?: string(name='PasswordInitializationPolicyPriority', description='The priority of the password initialization policy. By default, this parameter does not take effect. Valid values:

*   global: The password initialization policy globally takes effect.
*   custom: The password initialization policy takes effect based on custom settings.', example='global'),
    passwordInitializationType?: string(name='PasswordInitializationType', description='The password initialization method. Set the value to random,

*   which indicates that the password is randomly generated.', example='random'),
    userNotificationChannels?: [ string ](name='UserNotificationChannels', description='The password notification methods.', example='sms'),
  }(name='PasswordInitializationConfig', description='The configurations for password initialization.'),
  phoneNumber?: string(name='PhoneNumber', description='The mobile phone number, which contains 6 to 15 digits.', example='12345678901'),
  phoneNumberVerified?: boolean(name='PhoneNumberVerified', description='Specifies whether the mobile phone number is a trusted mobile phone number. This parameter is required if the PhoneNumber parameter is specified. If you have no special business requirements, set this parameter to true.', example='true'),
  phoneRegion?: string(name='PhoneRegion', description='The country code of the mobile phone number. The country code contains only digits and does not contain a plus sign (+).', example='86'),
  primaryOrganizationalUnitId?: string(name='PrimaryOrganizationalUnitId', description='The ID of the primary organizational unit to which the account belongs.

This parameter is required.', example='ou_wovwffm62xifdziem7an7xxxxx'),
  userExternalId?: string(name='UserExternalId', description='The external ID of the account. The external ID can be used to associate the account with an external system. The external ID can be up to 64 characters in length. If you do not specify an external ID for the account, the ID of the account is used as the external ID by default.', example='user_d6sbsuumeta4h66ec3il7yxxxx'),
  username?: string(name='Username', description='The name of the account. The name can be up to 64 characters in length and can contain letters, digits, underscores (_), periods (.), at signs (@), and hyphens (-).

This parameter is required.', example='user_001'),
}

model CreateUserResponseBody = {
  requestId?: string(name='RequestId', description='The ID of the request.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
  userId?: string(name='UserId', description='The ID of the account.', example='user_d6sbsuumeta4h66ec3il7yxxxx'),
}

model CreateUserResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: CreateUserResponseBody(name='body'),
}

/**
 * @summary Creates an account in an Identity as a Service (IDaaS) Enterprise Identity Access Management (EIAM) instance.
 *
 * @param request CreateUserRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return CreateUserResponse
 */
async function createUserWithOptions(request: CreateUserRequest, runtime: $RuntimeOptions): CreateUserResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.customFields)) {
    query['CustomFields'] = request.customFields;
  }
  if (!$isNull(request.description)) {
    query['Description'] = request.description;
  }
  if (!$isNull(request.displayName)) {
    query['DisplayName'] = request.displayName;
  }
  if (!$isNull(request.email)) {
    query['Email'] = request.email;
  }
  if (!$isNull(request.emailVerified)) {
    query['EmailVerified'] = request.emailVerified;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  if (!$isNull(request.organizationalUnitIds)) {
    query['OrganizationalUnitIds'] = request.organizationalUnitIds;
  }
  if (!$isNull(request.password)) {
    query['Password'] = request.password;
  }
  if (!$isNull(request.passwordInitializationConfig)) {
    query['PasswordInitializationConfig'] = request.passwordInitializationConfig;
  }
  if (!$isNull(request.phoneNumber)) {
    query['PhoneNumber'] = request.phoneNumber;
  }
  if (!$isNull(request.phoneNumberVerified)) {
    query['PhoneNumberVerified'] = request.phoneNumberVerified;
  }
  if (!$isNull(request.phoneRegion)) {
    query['PhoneRegion'] = request.phoneRegion;
  }
  if (!$isNull(request.primaryOrganizationalUnitId)) {
    query['PrimaryOrganizationalUnitId'] = request.primaryOrganizationalUnitId;
  }
  if (!$isNull(request.userExternalId)) {
    query['UserExternalId'] = request.userExternalId;
  }
  if (!$isNull(request.username)) {
    query['Username'] = request.username;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'CreateUser',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Creates an account in an Identity as a Service (IDaaS) Enterprise Identity Access Management (EIAM) instance.
 *
 * @param request CreateUserRequest
 * @return CreateUserResponse
 */
async function createUser(request: CreateUserRequest): CreateUserResponse {
  var runtime = new $RuntimeOptions{};
  return createUserWithOptions(request, runtime);
}

model DeleteApplicationRequest {
  applicationId?: string(name='ApplicationId', description='The ID of the application that you want to delete.

This parameter is required.', example='app_mkv7rgt4d7i4u7zqtzev2mxxxx'),
  instanceId?: string(name='InstanceId', description='The ID of the instance.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
}

model DeleteApplicationResponseBody = {
  requestId?: string(name='RequestId', description='The ID of the request.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model DeleteApplicationResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DeleteApplicationResponseBody(name='body'),
}

/**
 * @summary Deletes an Employee Identity and Access Management (EIAM) application.
 *
 * @description Make sure that the EIAM application that you want to delete is not used before you delete the EIAM application. After you delete the EIAM application, all configurations are deleted and cannot be restored.
 *
 * @param request DeleteApplicationRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DeleteApplicationResponse
 */
async function deleteApplicationWithOptions(request: DeleteApplicationRequest, runtime: $RuntimeOptions): DeleteApplicationResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.applicationId)) {
    query['ApplicationId'] = request.applicationId;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'DeleteApplication',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Deletes an Employee Identity and Access Management (EIAM) application.
 *
 * @description Make sure that the EIAM application that you want to delete is not used before you delete the EIAM application. After you delete the EIAM application, all configurations are deleted and cannot be restored.
 *
 * @param request DeleteApplicationRequest
 * @return DeleteApplicationResponse
 */
async function deleteApplication(request: DeleteApplicationRequest): DeleteApplicationResponse {
  var runtime = new $RuntimeOptions{};
  return deleteApplicationWithOptions(request, runtime);
}

model DeleteApplicationClientSecretRequest {
  applicationId?: string(name='ApplicationId', description='The ID of the application for which you want to delete a client key.

This parameter is required.', example='app_mkv7rgt4d7i4u7zqtzev2mxxxx'),
  instanceId?: string(name='InstanceId', description='The ID of the instance.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
  secretId?: string(name='SecretId', description='The ID of the client key that you want to delete for the application.

This parameter is required.', example='sci_k52x2ru63rlkflina5utgkxxxx'),
}

model DeleteApplicationClientSecretResponseBody = {
  requestId?: string(name='RequestId', description='The ID of the request.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model DeleteApplicationClientSecretResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DeleteApplicationClientSecretResponseBody(name='body'),
}

/**
 * @summary Deletes a client key for an Employee Identity and Access Management (EIAM) application.
 *
 * @param request DeleteApplicationClientSecretRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DeleteApplicationClientSecretResponse
 */
async function deleteApplicationClientSecretWithOptions(request: DeleteApplicationClientSecretRequest, runtime: $RuntimeOptions): DeleteApplicationClientSecretResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.applicationId)) {
    query['ApplicationId'] = request.applicationId;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  if (!$isNull(request.secretId)) {
    query['SecretId'] = request.secretId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'DeleteApplicationClientSecret',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Deletes a client key for an Employee Identity and Access Management (EIAM) application.
 *
 * @param request DeleteApplicationClientSecretRequest
 * @return DeleteApplicationClientSecretResponse
 */
async function deleteApplicationClientSecret(request: DeleteApplicationClientSecretRequest): DeleteApplicationClientSecretResponse {
  var runtime = new $RuntimeOptions{};
  return deleteApplicationClientSecretWithOptions(request, runtime);
}

model DeleteConditionalAccessPolicyRequest {
  conditionalAccessPolicyId?: string(name='ConditionalAccessPolicyId', description='Conditional Access Policy ID

This parameter is required.', example='cap_11111'),
  instanceId?: string(name='InstanceId', description='Instance ID.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
}

model DeleteConditionalAccessPolicyResponseBody = {
  requestId?: string(name='RequestId', description='Request ID.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model DeleteConditionalAccessPolicyResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DeleteConditionalAccessPolicyResponseBody(name='body'),
}

/**
 * @summary Delete Conditional Access Policy
 *
 * @description When deleting a specified conditional access policy, please ensure that the policy is no longer in use. After deletion, all configuration data will be removed and cannot be recovered.
 *
 * @param request DeleteConditionalAccessPolicyRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DeleteConditionalAccessPolicyResponse
 */
async function deleteConditionalAccessPolicyWithOptions(request: DeleteConditionalAccessPolicyRequest, runtime: $RuntimeOptions): DeleteConditionalAccessPolicyResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.conditionalAccessPolicyId)) {
    query['ConditionalAccessPolicyId'] = request.conditionalAccessPolicyId;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'DeleteConditionalAccessPolicy',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Delete Conditional Access Policy
 *
 * @description When deleting a specified conditional access policy, please ensure that the policy is no longer in use. After deletion, all configuration data will be removed and cannot be recovered.
 *
 * @param request DeleteConditionalAccessPolicyRequest
 * @return DeleteConditionalAccessPolicyResponse
 */
async function deleteConditionalAccessPolicy(request: DeleteConditionalAccessPolicyRequest): DeleteConditionalAccessPolicyResponse {
  var runtime = new $RuntimeOptions{};
  return deleteConditionalAccessPolicyWithOptions(request, runtime);
}

model DeleteDomainRequest {
  domainId?: string(name='DomainId', description='域名ID。

This parameter is required.', example='dm_examplexxxx'),
  instanceId?: string(name='InstanceId', description='IDaaS EIAM实例的ID。

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
}

model DeleteDomainResponseBody = {
  requestId?: string(name='RequestId', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model DeleteDomainResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DeleteDomainResponseBody(name='body'),
}

/**
 * @summary 删除域名。
 *
 * @param request DeleteDomainRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DeleteDomainResponse
 */
async function deleteDomainWithOptions(request: DeleteDomainRequest, runtime: $RuntimeOptions): DeleteDomainResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.domainId)) {
    query['DomainId'] = request.domainId;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'DeleteDomain',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary 删除域名。
 *
 * @param request DeleteDomainRequest
 * @return DeleteDomainResponse
 */
async function deleteDomain(request: DeleteDomainRequest): DeleteDomainResponse {
  var runtime = new $RuntimeOptions{};
  return deleteDomainWithOptions(request, runtime);
}

model DeleteDomainProxyTokenRequest {
  domainId?: string(name='DomainId', description='域名ID。

This parameter is required.', example='dm_examplexxxxx'),
  domainProxyTokenId?: string(name='DomainProxyTokenId', description='域名代理Token ID。

This parameter is required.', example='pt_examplexxxx'),
  instanceId?: string(name='InstanceId', description='IDaaS EIAM实例的ID。

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
}

model DeleteDomainProxyTokenResponseBody = {
  requestId?: string(name='RequestId', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model DeleteDomainProxyTokenResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DeleteDomainProxyTokenResponseBody(name='body'),
}

/**
 * @summary 删除指定域名代理Token，删除之前请保证代理Token处于禁用状态。
 *
 * @param request DeleteDomainProxyTokenRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DeleteDomainProxyTokenResponse
 */
async function deleteDomainProxyTokenWithOptions(request: DeleteDomainProxyTokenRequest, runtime: $RuntimeOptions): DeleteDomainProxyTokenResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.domainId)) {
    query['DomainId'] = request.domainId;
  }
  if (!$isNull(request.domainProxyTokenId)) {
    query['DomainProxyTokenId'] = request.domainProxyTokenId;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'DeleteDomainProxyToken',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary 删除指定域名代理Token，删除之前请保证代理Token处于禁用状态。
 *
 * @param request DeleteDomainProxyTokenRequest
 * @return DeleteDomainProxyTokenResponse
 */
async function deleteDomainProxyToken(request: DeleteDomainProxyTokenRequest): DeleteDomainProxyTokenResponse {
  var runtime = new $RuntimeOptions{};
  return deleteDomainProxyTokenWithOptions(request, runtime);
}

model DeleteGroupRequest {
  groupId?: string(name='GroupId', description='The group ID.

This parameter is required.', example='group_d6sbsuumeta4h66ec3il7yxxxx'),
  instanceId?: string(name='InstanceId', description='The instance ID.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
}

model DeleteGroupResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model DeleteGroupResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DeleteGroupResponseBody(name='body'),
}

/**
 * @summary Deletes the information of an account group in Identity as a Service (IDaaS) Employee Identity and Access Management (EIAM).
 *
 * @param request DeleteGroupRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DeleteGroupResponse
 */
async function deleteGroupWithOptions(request: DeleteGroupRequest, runtime: $RuntimeOptions): DeleteGroupResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.groupId)) {
    query['GroupId'] = request.groupId;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'DeleteGroup',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Deletes the information of an account group in Identity as a Service (IDaaS) Employee Identity and Access Management (EIAM).
 *
 * @param request DeleteGroupRequest
 * @return DeleteGroupResponse
 */
async function deleteGroup(request: DeleteGroupRequest): DeleteGroupResponse {
  var runtime = new $RuntimeOptions{};
  return deleteGroupWithOptions(request, runtime);
}

model DeleteIdentityProviderRequest {
  identityProviderId?: string(name='IdentityProviderId', description='IDaaS的身份提供方主键id

This parameter is required.', example='idp_my664lwkhpicbyzirog3xxxxx'),
  instanceId?: string(name='InstanceId', description='IDaaS EIAM的实例id

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
}

model DeleteIdentityProviderResponseBody = {
  requestId?: string(name='RequestId', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model DeleteIdentityProviderResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DeleteIdentityProviderResponseBody(name='body'),
}

/**
 * @summary 删除身份提供方
 *
 * @param request DeleteIdentityProviderRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DeleteIdentityProviderResponse
 */
async function deleteIdentityProviderWithOptions(request: DeleteIdentityProviderRequest, runtime: $RuntimeOptions): DeleteIdentityProviderResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.identityProviderId)) {
    query['IdentityProviderId'] = request.identityProviderId;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'DeleteIdentityProvider',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary 删除身份提供方
 *
 * @param request DeleteIdentityProviderRequest
 * @return DeleteIdentityProviderResponse
 */
async function deleteIdentityProvider(request: DeleteIdentityProviderRequest): DeleteIdentityProviderResponse {
  var runtime = new $RuntimeOptions{};
  return deleteIdentityProviderWithOptions(request, runtime);
}

model DeleteInstanceRequest {
  instanceId?: string(name='InstanceId', description='The ID of the instance to be deleted.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
}

model DeleteInstanceResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model DeleteInstanceResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DeleteInstanceResponseBody(name='body'),
}

/**
 * @summary Deletes an Enterprise Identity and Access Management (EIAM) instance of Identity as a Service (IDaaS) that you do not need.
 *
 * @description Make sure that the instance to be deleted is no longer used. If the instance is deleted, all data related to the instance will be deleted.
 *
 * @param request DeleteInstanceRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DeleteInstanceResponse
 */
async function deleteInstanceWithOptions(request: DeleteInstanceRequest, runtime: $RuntimeOptions): DeleteInstanceResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'DeleteInstance',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Deletes an Enterprise Identity and Access Management (EIAM) instance of Identity as a Service (IDaaS) that you do not need.
 *
 * @description Make sure that the instance to be deleted is no longer used. If the instance is deleted, all data related to the instance will be deleted.
 *
 * @param request DeleteInstanceRequest
 * @return DeleteInstanceResponse
 */
async function deleteInstance(request: DeleteInstanceRequest): DeleteInstanceResponse {
  var runtime = new $RuntimeOptions{};
  return deleteInstanceWithOptions(request, runtime);
}

model DeleteNetworkAccessEndpointRequest {
  instanceId?: string(name='InstanceId', description='IDaaS EIAM实例的ID。

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
  networkAccessEndpointId?: string(name='NetworkAccessEndpointId', description='专属网络端点ID。

This parameter is required.', example='nae_examplexxxx'),
}

model DeleteNetworkAccessEndpointResponseBody = {
  requestId?: string(name='RequestId', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model DeleteNetworkAccessEndpointResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DeleteNetworkAccessEndpointResponseBody(name='body'),
}

/**
 * @summary 删除一个专属网络端点。
 *
 * @param request DeleteNetworkAccessEndpointRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DeleteNetworkAccessEndpointResponse
 */
async function deleteNetworkAccessEndpointWithOptions(request: DeleteNetworkAccessEndpointRequest, runtime: $RuntimeOptions): DeleteNetworkAccessEndpointResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  if (!$isNull(request.networkAccessEndpointId)) {
    query['NetworkAccessEndpointId'] = request.networkAccessEndpointId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'DeleteNetworkAccessEndpoint',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary 删除一个专属网络端点。
 *
 * @param request DeleteNetworkAccessEndpointRequest
 * @return DeleteNetworkAccessEndpointResponse
 */
async function deleteNetworkAccessEndpoint(request: DeleteNetworkAccessEndpointRequest): DeleteNetworkAccessEndpointResponse {
  var runtime = new $RuntimeOptions{};
  return deleteNetworkAccessEndpointWithOptions(request, runtime);
}

model DeleteOrganizationalUnitRequest {
  instanceId?: string(name='InstanceId', description='The instance ID.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
  organizationalUnitId?: string(name='OrganizationalUnitId', description='The organization ID.

This parameter is required.', example='ou_wovwffm62xifdziem7an7xxxxx'),
}

model DeleteOrganizationalUnitResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model DeleteOrganizationalUnitResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DeleteOrganizationalUnitResponseBody(name='body'),
}

/**
 * @summary Deletes an organization in Identity as a Service (IDaaS) Employee Identity and Access Management (EIAM). If the organization has EIAM accounts or child organizations, the delete operation fails.
 *
 * @param request DeleteOrganizationalUnitRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DeleteOrganizationalUnitResponse
 */
async function deleteOrganizationalUnitWithOptions(request: DeleteOrganizationalUnitRequest, runtime: $RuntimeOptions): DeleteOrganizationalUnitResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  if (!$isNull(request.organizationalUnitId)) {
    query['OrganizationalUnitId'] = request.organizationalUnitId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'DeleteOrganizationalUnit',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Deletes an organization in Identity as a Service (IDaaS) Employee Identity and Access Management (EIAM). If the organization has EIAM accounts or child organizations, the delete operation fails.
 *
 * @param request DeleteOrganizationalUnitRequest
 * @return DeleteOrganizationalUnitResponse
 */
async function deleteOrganizationalUnit(request: DeleteOrganizationalUnitRequest): DeleteOrganizationalUnitResponse {
  var runtime = new $RuntimeOptions{};
  return deleteOrganizationalUnitWithOptions(request, runtime);
}

model DeleteOrganizationalUnitChildrenRequest {
  instanceId?: string(name='InstanceId', description='Instance ID.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
  organizationalUnitId?: string(name='OrganizationalUnitId', description='Organizational Unit ID.

This parameter is required.', example='ou_wovwffm62xifdziem7an7xxxxx'),
}

model DeleteOrganizationalUnitChildrenResponseBody = {
  requestId?: string(name='RequestId', description='Request ID.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model DeleteOrganizationalUnitChildrenResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DeleteOrganizationalUnitChildrenResponseBody(name='body'),
}

/**
 * @summary Delete organizational unit information, forcibly deleting all accounts and sub-organizations beneath it
 *
 * @param request DeleteOrganizationalUnitChildrenRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DeleteOrganizationalUnitChildrenResponse
 */
async function deleteOrganizationalUnitChildrenWithOptions(request: DeleteOrganizationalUnitChildrenRequest, runtime: $RuntimeOptions): DeleteOrganizationalUnitChildrenResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  if (!$isNull(request.organizationalUnitId)) {
    query['OrganizationalUnitId'] = request.organizationalUnitId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'DeleteOrganizationalUnitChildren',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Delete organizational unit information, forcibly deleting all accounts and sub-organizations beneath it
 *
 * @param request DeleteOrganizationalUnitChildrenRequest
 * @return DeleteOrganizationalUnitChildrenResponse
 */
async function deleteOrganizationalUnitChildren(request: DeleteOrganizationalUnitChildrenRequest): DeleteOrganizationalUnitChildrenResponse {
  var runtime = new $RuntimeOptions{};
  return deleteOrganizationalUnitChildrenWithOptions(request, runtime);
}

model DeleteUserRequest {
  instanceId?: string(name='InstanceId', description='The instance ID.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
  userId?: string(name='UserId', description='The account ID.

This parameter is required.', example='user_d6sbsuumeta4h66ec3il7yxxxx'),
}

model DeleteUserResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model DeleteUserResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DeleteUserResponseBody(name='body'),
}

/**
 * @summary Deletes an Employee Identity and Access Management (EIAM) account of Identity as a Service (IDaaS). The information related to the account is cleared.
 *
 * @param request DeleteUserRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DeleteUserResponse
 */
async function deleteUserWithOptions(request: DeleteUserRequest, runtime: $RuntimeOptions): DeleteUserResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  if (!$isNull(request.userId)) {
    query['UserId'] = request.userId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'DeleteUser',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Deletes an Employee Identity and Access Management (EIAM) account of Identity as a Service (IDaaS). The information related to the account is cleared.
 *
 * @param request DeleteUserRequest
 * @return DeleteUserResponse
 */
async function deleteUser(request: DeleteUserRequest): DeleteUserResponse {
  var runtime = new $RuntimeOptions{};
  return deleteUserWithOptions(request, runtime);
}

model DisableApplicationRequest {
  applicationId?: string(name='ApplicationId', description='The ID of the application that you want to disable.

This parameter is required.', example='app_mkv7rgt4d7i4u7zqtzev2mxxxx'),
  instanceId?: string(name='InstanceId', description='The ID of the instance.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
}

model DisableApplicationResponseBody = {
  requestId?: string(name='RequestId', description='The ID of the request.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model DisableApplicationResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DisableApplicationResponseBody(name='body'),
}

/**
 * @summary Disables an enabled Employee Identity and Access Management (EIAM) application. All features of the EIAM application cannot be used if you disable the EIAM application.
 *
 * @description All features of the EIAM application cannot be used if you disable the EIAM application, such as single sign-on (SSO) and account synchronization. Make sure that you acknowledge the risks of the delete operation.
 *
 * @param request DisableApplicationRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DisableApplicationResponse
 */
async function disableApplicationWithOptions(request: DisableApplicationRequest, runtime: $RuntimeOptions): DisableApplicationResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.applicationId)) {
    query['ApplicationId'] = request.applicationId;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'DisableApplication',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Disables an enabled Employee Identity and Access Management (EIAM) application. All features of the EIAM application cannot be used if you disable the EIAM application.
 *
 * @description All features of the EIAM application cannot be used if you disable the EIAM application, such as single sign-on (SSO) and account synchronization. Make sure that you acknowledge the risks of the delete operation.
 *
 * @param request DisableApplicationRequest
 * @return DisableApplicationResponse
 */
async function disableApplication(request: DisableApplicationRequest): DisableApplicationResponse {
  var runtime = new $RuntimeOptions{};
  return disableApplicationWithOptions(request, runtime);
}

model DisableApplicationApiInvokeRequest {
  applicationId?: string(name='ApplicationId', description='The ID of the application.

This parameter is required.', example='app_mkv7rgt4d7i4u7zqtzev2mxxxx'),
  instanceId?: string(name='InstanceId', description='The ID of the instance.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
}

model DisableApplicationApiInvokeResponseBody = {
  requestId?: string(name='RequestId', description='The ID of the request.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model DisableApplicationApiInvokeResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DisableApplicationApiInvokeResponseBody(name='body'),
}

/**
 * @summary Disables the Developer API feature for an Employee Identity and Access Management (EIAM) application.
 *
 * @param request DisableApplicationApiInvokeRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DisableApplicationApiInvokeResponse
 */
async function disableApplicationApiInvokeWithOptions(request: DisableApplicationApiInvokeRequest, runtime: $RuntimeOptions): DisableApplicationApiInvokeResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.applicationId)) {
    query['ApplicationId'] = request.applicationId;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'DisableApplicationApiInvoke',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Disables the Developer API feature for an Employee Identity and Access Management (EIAM) application.
 *
 * @param request DisableApplicationApiInvokeRequest
 * @return DisableApplicationApiInvokeResponse
 */
async function disableApplicationApiInvoke(request: DisableApplicationApiInvokeRequest): DisableApplicationApiInvokeResponse {
  var runtime = new $RuntimeOptions{};
  return disableApplicationApiInvokeWithOptions(request, runtime);
}

model DisableApplicationClientSecretRequest {
  applicationId?: string(name='ApplicationId', description='The ID of the application for which you want to disable a client key.

This parameter is required.', example='app_mkv7rgt4d7i4u7zqtzev2mxxxx'),
  instanceId?: string(name='InstanceId', description='The ID of the instance.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
  secretId?: string(name='SecretId', description='The client key ID of the application.

This parameter is required.', example='sci_k52x2ru63rlkflina5utgkxxxx'),
}

model DisableApplicationClientSecretResponseBody = {
  requestId?: string(name='RequestId', description='The ID of the request.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model DisableApplicationClientSecretResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DisableApplicationClientSecretResponseBody(name='body'),
}

/**
 * @summary Disables a client key of an Employee Identity and Access Management (EIAM) application.
 *
 * @param request DisableApplicationClientSecretRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DisableApplicationClientSecretResponse
 */
async function disableApplicationClientSecretWithOptions(request: DisableApplicationClientSecretRequest, runtime: $RuntimeOptions): DisableApplicationClientSecretResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.applicationId)) {
    query['ApplicationId'] = request.applicationId;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  if (!$isNull(request.secretId)) {
    query['SecretId'] = request.secretId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'DisableApplicationClientSecret',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Disables a client key of an Employee Identity and Access Management (EIAM) application.
 *
 * @param request DisableApplicationClientSecretRequest
 * @return DisableApplicationClientSecretResponse
 */
async function disableApplicationClientSecret(request: DisableApplicationClientSecretRequest): DisableApplicationClientSecretResponse {
  var runtime = new $RuntimeOptions{};
  return disableApplicationClientSecretWithOptions(request, runtime);
}

model DisableApplicationProvisioningRequest {
  applicationId?: string(name='ApplicationId', description='The ID of the application.

This parameter is required.', example='app_mkv7rgt4d7i4u7zqtzev2mxxxx'),
  instanceId?: string(name='InstanceId', description='The ID of the instance.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
}

model DisableApplicationProvisioningResponseBody = {
  requestId?: string(name='RequestId', description='The ID of the request.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model DisableApplicationProvisioningResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DisableApplicationProvisioningResponseBody(name='body'),
}

/**
 * @summary Disables the account synchronization feature for an application in Identity as a Service (IDaaS) Employee IAM (EIAM).
 *
 * @param request DisableApplicationProvisioningRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DisableApplicationProvisioningResponse
 */
async function disableApplicationProvisioningWithOptions(request: DisableApplicationProvisioningRequest, runtime: $RuntimeOptions): DisableApplicationProvisioningResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.applicationId)) {
    query['ApplicationId'] = request.applicationId;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'DisableApplicationProvisioning',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Disables the account synchronization feature for an application in Identity as a Service (IDaaS) Employee IAM (EIAM).
 *
 * @param request DisableApplicationProvisioningRequest
 * @return DisableApplicationProvisioningResponse
 */
async function disableApplicationProvisioning(request: DisableApplicationProvisioningRequest): DisableApplicationProvisioningResponse {
  var runtime = new $RuntimeOptions{};
  return disableApplicationProvisioningWithOptions(request, runtime);
}

model DisableApplicationSsoRequest {
  applicationId?: string(name='ApplicationId', description='IDaaS的应用主键id

This parameter is required.', example='app_mkv7rgt4d7i4u7zqtzev2mxxxx'),
  instanceId?: string(name='InstanceId', description='IDaaS EIAM的实例id

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
}

model DisableApplicationSsoResponseBody = {
  requestId?: string(name='RequestId', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model DisableApplicationSsoResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DisableApplicationSsoResponseBody(name='body'),
}

/**
 * @summary 禁用应用SSO能力
 *
 * @param request DisableApplicationSsoRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DisableApplicationSsoResponse
 */
async function disableApplicationSsoWithOptions(request: DisableApplicationSsoRequest, runtime: $RuntimeOptions): DisableApplicationSsoResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.applicationId)) {
    query['ApplicationId'] = request.applicationId;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'DisableApplicationSso',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary 禁用应用SSO能力
 *
 * @param request DisableApplicationSsoRequest
 * @return DisableApplicationSsoResponse
 */
async function disableApplicationSso(request: DisableApplicationSsoRequest): DisableApplicationSsoResponse {
  var runtime = new $RuntimeOptions{};
  return disableApplicationSsoWithOptions(request, runtime);
}

model DisableConditionalAccessPolicyRequest {
  conditionalAccessPolicyId?: string(name='ConditionalAccessPolicyId', description='Conditional Access Policy ID

This parameter is required.', example='cap_11111'),
  instanceId?: string(name='InstanceId', description='Instance ID.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
}

model DisableConditionalAccessPolicyResponseBody = {
  requestId?: string(name='RequestId', description='请求ID。', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model DisableConditionalAccessPolicyResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DisableConditionalAccessPolicyResponseBody(name='body'),
}

/**
 * @summary Disable Conditional Access Policy
 *
 * @description When changing a conditional access policy from an enabled state to a disabled state, the policy will no longer intercept. Please confirm that you are aware of the potential risks associated with this action.
 *
 * @param request DisableConditionalAccessPolicyRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DisableConditionalAccessPolicyResponse
 */
async function disableConditionalAccessPolicyWithOptions(request: DisableConditionalAccessPolicyRequest, runtime: $RuntimeOptions): DisableConditionalAccessPolicyResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.conditionalAccessPolicyId)) {
    query['ConditionalAccessPolicyId'] = request.conditionalAccessPolicyId;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'DisableConditionalAccessPolicy',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Disable Conditional Access Policy
 *
 * @description When changing a conditional access policy from an enabled state to a disabled state, the policy will no longer intercept. Please confirm that you are aware of the potential risks associated with this action.
 *
 * @param request DisableConditionalAccessPolicyRequest
 * @return DisableConditionalAccessPolicyResponse
 */
async function disableConditionalAccessPolicy(request: DisableConditionalAccessPolicyRequest): DisableConditionalAccessPolicyResponse {
  var runtime = new $RuntimeOptions{};
  return disableConditionalAccessPolicyWithOptions(request, runtime);
}

model DisableDomainProxyTokenRequest {
  domainId?: string(name='DomainId', description='域名ID。

This parameter is required.', example='dm_examplexxxxx'),
  domainProxyTokenId?: string(name='DomainProxyTokenId', description='域名代理Token ID。

This parameter is required.', example='pt_examplexxxx'),
  instanceId?: string(name='InstanceId', description='IDaaS EIAM实例的ID。

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
}

model DisableDomainProxyTokenResponseBody = {
  requestId?: string(name='RequestId', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model DisableDomainProxyTokenResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DisableDomainProxyTokenResponseBody(name='body'),
}

/**
 * @summary 禁用指定域名代理Token。
 *
 * @param request DisableDomainProxyTokenRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DisableDomainProxyTokenResponse
 */
async function disableDomainProxyTokenWithOptions(request: DisableDomainProxyTokenRequest, runtime: $RuntimeOptions): DisableDomainProxyTokenResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.domainId)) {
    query['DomainId'] = request.domainId;
  }
  if (!$isNull(request.domainProxyTokenId)) {
    query['DomainProxyTokenId'] = request.domainProxyTokenId;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'DisableDomainProxyToken',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary 禁用指定域名代理Token。
 *
 * @param request DisableDomainProxyTokenRequest
 * @return DisableDomainProxyTokenResponse
 */
async function disableDomainProxyToken(request: DisableDomainProxyTokenRequest): DisableDomainProxyTokenResponse {
  var runtime = new $RuntimeOptions{};
  return disableDomainProxyTokenWithOptions(request, runtime);
}

model DisableIdentityProviderUdPullRequest {
  identityProviderId?: string(name='IdentityProviderId', description='IDaaS的身份提供方主键id

This parameter is required.', example='idp_my664lwkhpicbyzirog3xxxxx'),
  instanceId?: string(name='InstanceId', description='IDaaS EIAM的实例id

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
}

model DisableIdentityProviderUdPullResponseBody = {
  requestId?: string(name='RequestId', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model DisableIdentityProviderUdPullResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DisableIdentityProviderUdPullResponseBody(name='body'),
}

/**
 * @summary 禁用同步入
 *
 * @param request DisableIdentityProviderUdPullRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DisableIdentityProviderUdPullResponse
 */
async function disableIdentityProviderUdPullWithOptions(request: DisableIdentityProviderUdPullRequest, runtime: $RuntimeOptions): DisableIdentityProviderUdPullResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.identityProviderId)) {
    query['IdentityProviderId'] = request.identityProviderId;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'DisableIdentityProviderUdPull',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary 禁用同步入
 *
 * @param request DisableIdentityProviderUdPullRequest
 * @return DisableIdentityProviderUdPullResponse
 */
async function disableIdentityProviderUdPull(request: DisableIdentityProviderUdPullRequest): DisableIdentityProviderUdPullResponse {
  var runtime = new $RuntimeOptions{};
  return disableIdentityProviderUdPullWithOptions(request, runtime);
}

model DisableInitDomainAutoRedirectRequest {
  instanceId?: string(name='InstanceId', description='IDaaS EIAM实例的ID。

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
}

model DisableInitDomainAutoRedirectResponseBody = {
  requestId?: string(name='RequestId', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model DisableInitDomainAutoRedirectResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DisableInitDomainAutoRedirectResponseBody(name='body'),
}

/**
 * @summary 关闭初始化域名自动跳转。
 *
 * @param request DisableInitDomainAutoRedirectRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DisableInitDomainAutoRedirectResponse
 */
async function disableInitDomainAutoRedirectWithOptions(request: DisableInitDomainAutoRedirectRequest, runtime: $RuntimeOptions): DisableInitDomainAutoRedirectResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'DisableInitDomainAutoRedirect',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary 关闭初始化域名自动跳转。
 *
 * @param request DisableInitDomainAutoRedirectRequest
 * @return DisableInitDomainAutoRedirectResponse
 */
async function disableInitDomainAutoRedirect(request: DisableInitDomainAutoRedirectRequest): DisableInitDomainAutoRedirectResponse {
  var runtime = new $RuntimeOptions{};
  return disableInitDomainAutoRedirectWithOptions(request, runtime);
}

model DisableUserRequest {
  instanceId?: string(name='InstanceId', description='The instance ID.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
  userId?: string(name='UserId', description='The ID of the account.

This parameter is required.', example='user_d6sbsuumeta4h66ec3il7yxxxx'),
}

model DisableUserResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model DisableUserResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DisableUserResponseBody(name='body'),
}

/**
 * @summary Disables an Identity as a Service (IDaaS) Employee Identity and Access Management (EIAM) account. If the account is disabled, a success message is returned.
 *
 * @param request DisableUserRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DisableUserResponse
 */
async function disableUserWithOptions(request: DisableUserRequest, runtime: $RuntimeOptions): DisableUserResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  if (!$isNull(request.userId)) {
    query['UserId'] = request.userId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'DisableUser',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Disables an Identity as a Service (IDaaS) Employee Identity and Access Management (EIAM) account. If the account is disabled, a success message is returned.
 *
 * @param request DisableUserRequest
 * @return DisableUserResponse
 */
async function disableUser(request: DisableUserRequest): DisableUserResponse {
  var runtime = new $RuntimeOptions{};
  return disableUserWithOptions(request, runtime);
}

model EnableApplicationRequest {
  applicationId?: string(name='ApplicationId', description='The ID of the application that you want to enable.

This parameter is required.', example='app_mkv7rgt4d7i4u7zqtzev2mxxxx'),
  instanceId?: string(name='InstanceId', description='The ID of the instance.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
}

model EnableApplicationResponseBody = {
  requestId?: string(name='RequestId', description='The ID of the request.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model EnableApplicationResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: EnableApplicationResponseBody(name='body'),
}

/**
 * @summary Enables a disabled Employee Identity and Access Management (EIAM) application.
 *
 * @param request EnableApplicationRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return EnableApplicationResponse
 */
async function enableApplicationWithOptions(request: EnableApplicationRequest, runtime: $RuntimeOptions): EnableApplicationResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.applicationId)) {
    query['ApplicationId'] = request.applicationId;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'EnableApplication',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Enables a disabled Employee Identity and Access Management (EIAM) application.
 *
 * @param request EnableApplicationRequest
 * @return EnableApplicationResponse
 */
async function enableApplication(request: EnableApplicationRequest): EnableApplicationResponse {
  var runtime = new $RuntimeOptions{};
  return enableApplicationWithOptions(request, runtime);
}

model EnableApplicationApiInvokeRequest {
  applicationId?: string(name='ApplicationId', description='The ID of the application.

This parameter is required.', example='app_mkv7rgt4d7i4u7zqtzev2mxxxx'),
  instanceId?: string(name='InstanceId', description='The ID of the instance.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
}

model EnableApplicationApiInvokeResponseBody = {
  requestId?: string(name='RequestId', description='The ID of the request.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model EnableApplicationApiInvokeResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: EnableApplicationApiInvokeResponseBody(name='body'),
}

/**
 * @summary Enables the Developer API feature for an Employee Identity and Access Management (EIAM) application.
 *
 * @param request EnableApplicationApiInvokeRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return EnableApplicationApiInvokeResponse
 */
async function enableApplicationApiInvokeWithOptions(request: EnableApplicationApiInvokeRequest, runtime: $RuntimeOptions): EnableApplicationApiInvokeResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.applicationId)) {
    query['ApplicationId'] = request.applicationId;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'EnableApplicationApiInvoke',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Enables the Developer API feature for an Employee Identity and Access Management (EIAM) application.
 *
 * @param request EnableApplicationApiInvokeRequest
 * @return EnableApplicationApiInvokeResponse
 */
async function enableApplicationApiInvoke(request: EnableApplicationApiInvokeRequest): EnableApplicationApiInvokeResponse {
  var runtime = new $RuntimeOptions{};
  return enableApplicationApiInvokeWithOptions(request, runtime);
}

model EnableApplicationClientSecretRequest {
  applicationId?: string(name='ApplicationId', description='The ID of the application.

This parameter is required.', example='app_mkv7rgt4d7i4u7zqtzev2mxxxx'),
  instanceId?: string(name='InstanceId', description='The ID of the instance.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
  secretId?: string(name='SecretId', description='The client key ID of the application.

This parameter is required.', example='sci_k52x2ru63rlkflina5utgkxxxx'),
}

model EnableApplicationClientSecretResponseBody = {
  requestId?: string(name='RequestId', description='The ID of the request.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model EnableApplicationClientSecretResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: EnableApplicationClientSecretResponseBody(name='body'),
}

/**
 * @summary Enables the client key of an application in Identity as a Service (IDaaS) Employee IAM (EIAM).
 *
 * @param request EnableApplicationClientSecretRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return EnableApplicationClientSecretResponse
 */
async function enableApplicationClientSecretWithOptions(request: EnableApplicationClientSecretRequest, runtime: $RuntimeOptions): EnableApplicationClientSecretResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.applicationId)) {
    query['ApplicationId'] = request.applicationId;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  if (!$isNull(request.secretId)) {
    query['SecretId'] = request.secretId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'EnableApplicationClientSecret',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Enables the client key of an application in Identity as a Service (IDaaS) Employee IAM (EIAM).
 *
 * @param request EnableApplicationClientSecretRequest
 * @return EnableApplicationClientSecretResponse
 */
async function enableApplicationClientSecret(request: EnableApplicationClientSecretRequest): EnableApplicationClientSecretResponse {
  var runtime = new $RuntimeOptions{};
  return enableApplicationClientSecretWithOptions(request, runtime);
}

model EnableApplicationProvisioningRequest {
  applicationId?: string(name='ApplicationId', description='The ID of the application.

This parameter is required.', example='app_mkv7rgt4d7i4u7zqtzev2mxxxx'),
  instanceId?: string(name='InstanceId', description='The ID of the instance.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
}

model EnableApplicationProvisioningResponseBody = {
  requestId?: string(name='RequestId', description='The ID of the request.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model EnableApplicationProvisioningResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: EnableApplicationProvisioningResponseBody(name='body'),
}

/**
 * @summary Enables the account synchronization feature for an application in Identity as a Service (IDaaS) Employee IAM (EIAM).
 *
 * @param request EnableApplicationProvisioningRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return EnableApplicationProvisioningResponse
 */
async function enableApplicationProvisioningWithOptions(request: EnableApplicationProvisioningRequest, runtime: $RuntimeOptions): EnableApplicationProvisioningResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.applicationId)) {
    query['ApplicationId'] = request.applicationId;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'EnableApplicationProvisioning',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Enables the account synchronization feature for an application in Identity as a Service (IDaaS) Employee IAM (EIAM).
 *
 * @param request EnableApplicationProvisioningRequest
 * @return EnableApplicationProvisioningResponse
 */
async function enableApplicationProvisioning(request: EnableApplicationProvisioningRequest): EnableApplicationProvisioningResponse {
  var runtime = new $RuntimeOptions{};
  return enableApplicationProvisioningWithOptions(request, runtime);
}

model EnableApplicationSsoRequest {
  applicationId?: string(name='ApplicationId', description='IDaaS的应用主键id

This parameter is required.', example='app_mkv7rgt4d7i4u7zqtzev2mxxxx'),
  instanceId?: string(name='InstanceId', description='IDaaS EIAM的实例id

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
}

model EnableApplicationSsoResponseBody = {
  requestId?: string(name='RequestId', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model EnableApplicationSsoResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: EnableApplicationSsoResponseBody(name='body'),
}

/**
 * @summary 启用应用SSO能力
 *
 * @param request EnableApplicationSsoRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return EnableApplicationSsoResponse
 */
async function enableApplicationSsoWithOptions(request: EnableApplicationSsoRequest, runtime: $RuntimeOptions): EnableApplicationSsoResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.applicationId)) {
    query['ApplicationId'] = request.applicationId;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'EnableApplicationSso',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary 启用应用SSO能力
 *
 * @param request EnableApplicationSsoRequest
 * @return EnableApplicationSsoResponse
 */
async function enableApplicationSso(request: EnableApplicationSsoRequest): EnableApplicationSsoResponse {
  var runtime = new $RuntimeOptions{};
  return enableApplicationSsoWithOptions(request, runtime);
}

model EnableConditionalAccessPolicyRequest {
  conditionalAccessPolicyId?: string(name='ConditionalAccessPolicyId', description='Conditional Access Policy ID

This parameter is required.', example='cap_11111'),
  instanceId?: string(name='InstanceId', description='Instance ID.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
}

model EnableConditionalAccessPolicyResponseBody = {
  requestId?: string(name='RequestId', description='请求ID。', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model EnableConditionalAccessPolicyResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: EnableConditionalAccessPolicyResponseBody(name='body'),
}

/**
 * @summary Enable Conditional Access Policy
 *
 * @description When changing the status of a conditional access policy from enabled to disabled, the policy will no longer intercept. Please confirm that you are aware of the potential risks associated with this action.
 *
 * @param request EnableConditionalAccessPolicyRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return EnableConditionalAccessPolicyResponse
 */
async function enableConditionalAccessPolicyWithOptions(request: EnableConditionalAccessPolicyRequest, runtime: $RuntimeOptions): EnableConditionalAccessPolicyResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.conditionalAccessPolicyId)) {
    query['ConditionalAccessPolicyId'] = request.conditionalAccessPolicyId;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'EnableConditionalAccessPolicy',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Enable Conditional Access Policy
 *
 * @description When changing the status of a conditional access policy from enabled to disabled, the policy will no longer intercept. Please confirm that you are aware of the potential risks associated with this action.
 *
 * @param request EnableConditionalAccessPolicyRequest
 * @return EnableConditionalAccessPolicyResponse
 */
async function enableConditionalAccessPolicy(request: EnableConditionalAccessPolicyRequest): EnableConditionalAccessPolicyResponse {
  var runtime = new $RuntimeOptions{};
  return enableConditionalAccessPolicyWithOptions(request, runtime);
}

model EnableDomainProxyTokenRequest {
  domainId?: string(name='DomainId', description='域名ID。

This parameter is required.', example='dm_examplexxxxx'),
  domainProxyTokenId?: string(name='DomainProxyTokenId', description='域名代理Token ID。

This parameter is required.', example='pt_examplexxxx'),
  instanceId?: string(name='InstanceId', description='IDaaS EIAM实例的ID。

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
}

model EnableDomainProxyTokenResponseBody = {
  requestId?: string(name='RequestId', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model EnableDomainProxyTokenResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: EnableDomainProxyTokenResponseBody(name='body'),
}

/**
 * @summary 启用指定域名代理Token。
 *
 * @param request EnableDomainProxyTokenRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return EnableDomainProxyTokenResponse
 */
async function enableDomainProxyTokenWithOptions(request: EnableDomainProxyTokenRequest, runtime: $RuntimeOptions): EnableDomainProxyTokenResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.domainId)) {
    query['DomainId'] = request.domainId;
  }
  if (!$isNull(request.domainProxyTokenId)) {
    query['DomainProxyTokenId'] = request.domainProxyTokenId;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'EnableDomainProxyToken',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary 启用指定域名代理Token。
 *
 * @param request EnableDomainProxyTokenRequest
 * @return EnableDomainProxyTokenResponse
 */
async function enableDomainProxyToken(request: EnableDomainProxyTokenRequest): EnableDomainProxyTokenResponse {
  var runtime = new $RuntimeOptions{};
  return enableDomainProxyTokenWithOptions(request, runtime);
}

model EnableIdentityProviderUdPullRequest {
  identityProviderId?: string(name='IdentityProviderId', description='IDaaS的身份提供方主键id

This parameter is required.', example='idp_my664lwkhpicbyzirog3xxxxx'),
  instanceId?: string(name='InstanceId', description='IDaaS EIAM的实例id

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
}

model EnableIdentityProviderUdPullResponseBody = {
  requestId?: string(name='RequestId', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model EnableIdentityProviderUdPullResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: EnableIdentityProviderUdPullResponseBody(name='body'),
}

/**
 * @summary 启用同步入
 *
 * @param request EnableIdentityProviderUdPullRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return EnableIdentityProviderUdPullResponse
 */
async function enableIdentityProviderUdPullWithOptions(request: EnableIdentityProviderUdPullRequest, runtime: $RuntimeOptions): EnableIdentityProviderUdPullResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.identityProviderId)) {
    query['IdentityProviderId'] = request.identityProviderId;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'EnableIdentityProviderUdPull',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary 启用同步入
 *
 * @param request EnableIdentityProviderUdPullRequest
 * @return EnableIdentityProviderUdPullResponse
 */
async function enableIdentityProviderUdPull(request: EnableIdentityProviderUdPullRequest): EnableIdentityProviderUdPullResponse {
  var runtime = new $RuntimeOptions{};
  return enableIdentityProviderUdPullWithOptions(request, runtime);
}

model EnableInitDomainAutoRedirectRequest {
  instanceId?: string(name='InstanceId', description='IDaaS EIAM实例的ID。

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
}

model EnableInitDomainAutoRedirectResponseBody = {
  requestId?: string(name='RequestId', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model EnableInitDomainAutoRedirectResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: EnableInitDomainAutoRedirectResponseBody(name='body'),
}

/**
 * @summary 开启初始化域名自动跳转。开启后，访问初始化域名将会自动跳转至默认域名。
 *
 * @param request EnableInitDomainAutoRedirectRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return EnableInitDomainAutoRedirectResponse
 */
async function enableInitDomainAutoRedirectWithOptions(request: EnableInitDomainAutoRedirectRequest, runtime: $RuntimeOptions): EnableInitDomainAutoRedirectResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'EnableInitDomainAutoRedirect',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary 开启初始化域名自动跳转。开启后，访问初始化域名将会自动跳转至默认域名。
 *
 * @param request EnableInitDomainAutoRedirectRequest
 * @return EnableInitDomainAutoRedirectResponse
 */
async function enableInitDomainAutoRedirect(request: EnableInitDomainAutoRedirectRequest): EnableInitDomainAutoRedirectResponse {
  var runtime = new $RuntimeOptions{};
  return enableInitDomainAutoRedirectWithOptions(request, runtime);
}

model EnableUserRequest {
  instanceId?: string(name='InstanceId', description='The instance ID.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
  userId?: string(name='UserId', description='The account ID.

This parameter is required.', example='user_d6sbsuumeta4h66ec3il7yxxxx'),
}

model EnableUserResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model EnableUserResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: EnableUserResponseBody(name='body'),
}

/**
 * @summary Enables an Employee Identity and Access Management (EIAM) account of Identity as a Service (IDaaS).
 *
 * @param request EnableUserRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return EnableUserResponse
 */
async function enableUserWithOptions(request: EnableUserRequest, runtime: $RuntimeOptions): EnableUserResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  if (!$isNull(request.userId)) {
    query['UserId'] = request.userId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'EnableUser',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Enables an Employee Identity and Access Management (EIAM) account of Identity as a Service (IDaaS).
 *
 * @param request EnableUserRequest
 * @return EnableUserResponse
 */
async function enableUser(request: EnableUserRequest): EnableUserResponse {
  var runtime = new $RuntimeOptions{};
  return enableUserWithOptions(request, runtime);
}

model GetApplicationRequest {
  applicationId?: string(name='ApplicationId', description='The ID of the application that you want to query.

This parameter is required.', example='app_mkv7rgt4d7i4u7zqtzev2mxxxx'),
  instanceId?: string(name='InstanceId', description='The ID of the instance.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
}

model GetApplicationResponseBody = {
  application?: {
    apiInvokeStatus?: string(name='ApiInvokeStatus', description='The status of the Developer API feature. Valid values:

*   Enabled: The Developer API feature is enabled.
*   Disabled: The Developer API feature is disabled.', example='disabled'),
    applicationId?: string(name='ApplicationId', description='The ID of the application.', example='app_mkv7rgt4d7i4u7zqtzev2mxxxx'),
    applicationName?: string(name='ApplicationName', description='The name of the application.', example='SAML Application'),
    applicationSourceType?: string(name='ApplicationSourceType', description='The origin of the application. Valid values:

*   urn:alibaba:idaas:app:source:template: The application is created based on a template.
*   urn:alibaba:idaas: The application is created based on the standard protocol.', example='urn:alibaba:idaas:app:source:template'),
    applicationTemplateId?: string(name='ApplicationTemplateId', description='The ID of the template based on which the application is created. This parameter is returned only if the application is created based on a template.', example='apt_rpa_tdsxxx'),
    applicationVisibility?: [ string ](name='ApplicationVisibility'),
    authorizationType?: string(name='AuthorizationType', description='The authorization type of the EIAM application. Valid values:

*   authorize_required: Only the user with explicit authorization can access the application.
*   default_all: By default, all users can access the application.', example='authorize_required'),
    clientId?: string(name='ClientId', description='The client ID of the application.', example='app_mkv7rgt4d7i4u7zqtzev2mxxxx'),
    createTime?: long(name='CreateTime', description='The time when the application was created. The value is a UNIX timestamp. Unit: milliseconds.', example='1649830226000'),
    description?: string(name='Description', description='The description of the application.', example='The application is applicable to the test environment.'),
    features?: string(name='Features', description='The features that are supported by the application. The value is a JSON array. Valid values:

*   sso: The application supports SSO.
*   provision: The application supports account synchronization.
*   api_invoke: The application supports custom APIs.', example='["sso", "provision"]'),
    instanceId?: string(name='InstanceId', description='The ID of the instance.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
    logoUrl?: string(name='LogoUrl', description='The URL of the application icon.', example='https://img.alicdn.com/imgextra/i4/O1CN01lvYwpv1aGowQXDML9_!!6000000003303-0-tps-580-580.jpg'),
    m2MClientStatus?: string(name='M2MClientStatus'),
    managedServiceCode?: string(name='ManagedServiceCode', description='The service code of the cloud service that manages the application template.', example='rpa'),
    resourceServerIdentifier?: string(name='ResourceServerIdentifier'),
    resourceServerStatus?: string(name='ResourceServerStatus'),
    serviceManaged?: boolean(name='ServiceManaged', description='Indicates whether the application template is managed by a cloud service.', example='true'),
    ssoType?: string(name='SsoType', description='The type of the single sign-on (SSO) protocol. Valid values:

*   saml2: the Security Assertion Markup Language (SAML) 2.0 protocol.
*   oidc: the OpenID Connect (OIDC) protocol.', example='saml2'),
    status?: string(name='Status', description='The status of the application. Valid values:

*   Enabled: The application is enabled.
*   Disabled: The application is disabled.', example='enabled'),
    updateTime?: long(name='UpdateTime', description='The time when the application was last updated. The value is a UNIX timestamp. Unit: milliseconds.', example='1649830226000'),
  }(name='Application', description='The details of the application.'),
  requestId?: string(name='RequestId', description='The ID of the request.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model GetApplicationResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetApplicationResponseBody(name='body'),
}

/**
 * @summary Queries the details of an Employee Identity and Access Management (EIAM) application.
 *
 * @param request GetApplicationRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetApplicationResponse
 */
async function getApplicationWithOptions(request: GetApplicationRequest, runtime: $RuntimeOptions): GetApplicationResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.applicationId)) {
    query['ApplicationId'] = request.applicationId;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'GetApplication',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries the details of an Employee Identity and Access Management (EIAM) application.
 *
 * @param request GetApplicationRequest
 * @return GetApplicationResponse
 */
async function getApplication(request: GetApplicationRequest): GetApplicationResponse {
  var runtime = new $RuntimeOptions{};
  return getApplicationWithOptions(request, runtime);
}

model GetApplicationGrantScopeRequest {
  applicationId?: string(name='ApplicationId', description='The ID of the application.

This parameter is required.', example='app_mkv7rgt4d7i4u7zqtzev2mxxxx'),
  instanceId?: string(name='InstanceId', description='The ID of the instance.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
}

model GetApplicationGrantScopeResponseBody = {
  applicationGrantScope?: {
    grantScopes?: [ string ](name='GrantScopes', description='The permissions of the Developer API feature.'),
  }(name='ApplicationGrantScope', description='The permissions of the Developer API feature.'),
  requestId?: string(name='RequestId', description='The ID of the request.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model GetApplicationGrantScopeResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetApplicationGrantScopeResponseBody(name='body'),
}

/**
 * @summary Queries the permissions of the Developer API feature for an Employee Identity and Access Management (EIAM) application.
 *
 * @param request GetApplicationGrantScopeRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetApplicationGrantScopeResponse
 */
async function getApplicationGrantScopeWithOptions(request: GetApplicationGrantScopeRequest, runtime: $RuntimeOptions): GetApplicationGrantScopeResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.applicationId)) {
    query['ApplicationId'] = request.applicationId;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'GetApplicationGrantScope',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries the permissions of the Developer API feature for an Employee Identity and Access Management (EIAM) application.
 *
 * @param request GetApplicationGrantScopeRequest
 * @return GetApplicationGrantScopeResponse
 */
async function getApplicationGrantScope(request: GetApplicationGrantScopeRequest): GetApplicationGrantScopeResponse {
  var runtime = new $RuntimeOptions{};
  return getApplicationGrantScopeWithOptions(request, runtime);
}

model GetApplicationProvisioningConfigRequest {
  applicationId?: string(name='ApplicationId', description='The ID of the application.

This parameter is required.', example='app_mkv7rgt4d7i4u7zqtzev2mxxxx'),
  instanceId?: string(name='InstanceId', description='The instance ID.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
}

model GetApplicationProvisioningConfigResponseBody = {
  applicationProvisioningConfig?: {
    applicationId?: string(name='ApplicationId', description='The ID of the application.', example='app_mkv7rgt4d7i4u7zqtzev2mxxxx'),
    callbackProvisioningConfig?: {
      callbackUrl?: string(name='CallbackUrl', description='The URL that the application uses to receive IDaaS event callbacks.', example='https://example.com/event/callback'),
      encryptKey?: string(name='EncryptKey', description='The symmetric key for IDaaS event callbacks. The key is an AES-256 encryption key in the HEX format.', example='1adfdfdfd******111'),
      encryptRequired?: boolean(name='EncryptRequired', description='Indicates whether IDaaS event callback messages are encrypted. Valid values:

*   true: The messages are encrypted.
*   false: The messages are transmitted in plaintext.', example='true'),
      listenEventScopes?: [ string ](name='ListenEventScopes', description='The list of types of IDaaS event callback messages that are supported by the listener.'),
    }(name='CallbackProvisioningConfig', description='The configuration of the custom event callback protocol of IDaaS.'),
    configOperateMode?: string(name='ConfigOperateMode', description='The rendering mode of the account synchronization page. Valid values:

*   standard: standard mode
*   template: template mode', example='standard'),
    instanceId?: string(name='InstanceId', description='The ID of the instance.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
    provisionJwksEndpoint?: string(name='ProvisionJwksEndpoint', description='The public key endpoint for signature verification of the synchronization callback information.', example='https://eiam-api-cn-hangzhou.aliyuncs.com/v2/idaas_ue2jvisn35ea5lmthk267xxxxx/app_mkv7rgt4d7i4u7zqtzev2mxxxx/provisioning/jwks'),
    provisionPassword?: boolean(name='ProvisionPassword', description='Indicates whether the password is synchronized in IDaaS user event callbacks. Valid values:

*   true: The password is synchronized.
*   false: The password is not synchronized.', example='true'),
    provisionProtocolType?: string(name='ProvisionProtocolType', description='The synchronization protocol type of the application. Valid values:

*   idaas_callback: custom event callback protocol of IDaaS.
*   scim2: System for Cross-domain Identity Management (SCIM) protocol.', example='idaas_callback'),
    scimProvisioningConfig?: {
      authnConfiguration?: {
        authnMode?: string(name='AuthnMode', description='The authentication mode of the SCIM protocol. Valid value:

*   oauth2: OAuth2.0 mode.', example='oauth2'),
        authnParam?: {
          accessToken?: string(name='AccessToken', description='The access token. This parameter is returned when the GrantType parameter is set to bearer_token.', example='k52x2ru63rlkflina5utgkxxxx'),
          authnMethod?: string(name='AuthnMethod', description='The authentication mode of the SCIM protocol. Valid values:

*   client_secret_basic: The client secret is passed in the request header.
*   client_secret_post: The client secret is passed in the request body.', example='client_secret_basic'),
          clientId?: string(name='ClientId', description='The client ID of the application.', example='mkv7rgt4d7i4u7zqtzev2mxxxx'),
          clientSecret?: string(name='ClientSecret', description='The client secret of the application.', example='CSEHDcHcrUKHw1CuxkJEHPveWRXBGqVqRsxxxx'),
          tokenEndpoint?: string(name='TokenEndpoint', description='The token endpoint.', example='https://www.example.com/oauth/token'),
        }(name='AuthnParam', description='The configuration parameters related to authorization.

*   If the GrantType parameter is set to client_credentials, the configuration parameters ClientId, ClientSecret, and AuthnMethod are returned.
*   If the GrantType parameter is set to bearer_token, the configuration parameter AccessToken is returned.'),
        grantType?: string(name='GrantType', description='The grant type of the SCIM protocol. Valid values:

*   client_credentials: client mode.
*   bearer_token: key mode.', example='bearer_token'),
      }(name='AuthnConfiguration', description='The configuration parameters related to SCIM-based synchronization.'),
      fullPushScopes?: [ string ](name='FullPushScopes', description='The full synchronization scope of the SCIM protocol. Valid value:

*   urn:alibaba:idaas:app:scim:User:PUSH: full account data synchronization.'),
      provisioningActions?: [ string ](name='ProvisioningActions', description='The resource operations of the SCIM protocol. Valid values:

*   urn:alibaba:idaas:app:scim:User:CREATE: account creation.
*   urn:alibaba:idaas:app:scim:User:UPDATE: account update.
*   urn:alibaba:idaas:app:scim:User:DELETE: account deletion.'),
      scimBaseUrl?: string(name='ScimBaseUrl', description='The base URL that the application uses to receive the SCIM protocol for IDaaS synchronization.', example='https://example.com/scim'),
    }(name='ScimProvisioningConfig', description='The configuration of SCIM-based IDaaS synchronization.'),
    status?: string(name='Status', description='The status of the IDaaS account synchronization feature. Valid values:

*   enabled: The feature is enabled.
*   disabled: The feature is disabled.', example='enabled'),
  }(name='ApplicationProvisioningConfig', description='The configuration of the account synchronization feature for the application.'),
  requestId?: string(name='RequestId', description='The request ID.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model GetApplicationProvisioningConfigResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetApplicationProvisioningConfigResponseBody(name='body'),
}

/**
 * @summary Queries the configuration of the account synchronization feature for an application in Identity as a Service (IDaaS) Employee Identity and Access Management (EIAM).
 *
 * @param request GetApplicationProvisioningConfigRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetApplicationProvisioningConfigResponse
 */
async function getApplicationProvisioningConfigWithOptions(request: GetApplicationProvisioningConfigRequest, runtime: $RuntimeOptions): GetApplicationProvisioningConfigResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.applicationId)) {
    query['ApplicationId'] = request.applicationId;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'GetApplicationProvisioningConfig',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries the configuration of the account synchronization feature for an application in Identity as a Service (IDaaS) Employee Identity and Access Management (EIAM).
 *
 * @param request GetApplicationProvisioningConfigRequest
 * @return GetApplicationProvisioningConfigResponse
 */
async function getApplicationProvisioningConfig(request: GetApplicationProvisioningConfigRequest): GetApplicationProvisioningConfigResponse {
  var runtime = new $RuntimeOptions{};
  return getApplicationProvisioningConfigWithOptions(request, runtime);
}

model GetApplicationProvisioningScopeRequest {
  applicationId?: string(name='ApplicationId', description='The ID of the application.

This parameter is required.', example='app_mkv7rgt4d7i4u7zqtzev2mxxxx'),
  instanceId?: string(name='InstanceId', description='The ID of the instance.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
}

model GetApplicationProvisioningScopeResponseBody = {
  applicationProvisioningScope?: {
    groupIds?: [ string ](name='GroupIds', description='Synchronize the list of authorized groups'),
    maxQuota?: int32(name='MaxQuota', description='Instance Indicates the maximum quota number of authorized agents', example='20'),
    organizationalUnitIds?: [ string ](name='OrganizationalUnitIds', description='The list of organizational units that are authorized for account synchronization.'),
    usedQuota?: int32(name='UsedQuota', description='Indicates the quota number of used authorized agents', example='10'),
  }(name='ApplicationProvisioningScope', description='The scope of account synchronization.'),
  requestId?: string(name='RequestId', description='The ID of the request.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model GetApplicationProvisioningScopeResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetApplicationProvisioningScopeResponseBody(name='body'),
}

/**
 * @summary Queries the account synchronization scope of applications in Identity as a Service (IDaaS) Employee IAM (EIAM). This scope is the same as the scope within which developers can call the DeveloperAPI to query and manage accounts.
 *
 * @param request GetApplicationProvisioningScopeRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetApplicationProvisioningScopeResponse
 */
async function getApplicationProvisioningScopeWithOptions(request: GetApplicationProvisioningScopeRequest, runtime: $RuntimeOptions): GetApplicationProvisioningScopeResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.applicationId)) {
    query['ApplicationId'] = request.applicationId;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'GetApplicationProvisioningScope',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries the account synchronization scope of applications in Identity as a Service (IDaaS) Employee IAM (EIAM). This scope is the same as the scope within which developers can call the DeveloperAPI to query and manage accounts.
 *
 * @param request GetApplicationProvisioningScopeRequest
 * @return GetApplicationProvisioningScopeResponse
 */
async function getApplicationProvisioningScope(request: GetApplicationProvisioningScopeRequest): GetApplicationProvisioningScopeResponse {
  var runtime = new $RuntimeOptions{};
  return getApplicationProvisioningScopeWithOptions(request, runtime);
}

model GetApplicationSsoConfigRequest {
  applicationId?: string(name='ApplicationId', description='The ID of the application.

This parameter is required.', example='app_mkv7rgt4d7i4u7zqtzev2mxxxx'),
  instanceId?: string(name='InstanceId', description='The ID of the instance.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
}

model GetApplicationSsoConfigResponseBody = {
  applicationSsoConfig?: {
    initLoginType?: string(name='InitLoginType', description='The initial SSO method. Valid values:

*   only_app_init_sso: Only application-initiated SSO is allowed. This method is selected by default when the SSO protocol of the application is an OIDC protocol. If this method is selected when the SSO protocol of the application is SAML, the InitLoginUrl parameter is required.
*   idaas_or_app_init_sso: IDaaS-initiated SSO and application-initiated SSO are allowed. This method is selected by default when the SSO protocol of the application is SAML. If this method is selected when the SSO protocol of the application is an OIDC protocol, the InitLoginUrl parameter is required.', example='only_app_init_sso'),
    initLoginUrl?: string(name='InitLoginUrl', description='The initial webhook URL of SSO. This parameter is required when the SSO protocol of the application is an OIDC protocol and the InitLoginType parameters is set to idaas_or_app_init_sso or when the SSO protocol of the application is SAML and the InitLoginType parameter is set to only_app_init_sso.', example='http://127.0.0.1:8000/start_login?enterprise_code=ABCDEF'),
    oidcSsoConfig?: {
      accessTokenEffectiveTime?: long(name='AccessTokenEffectiveTime', description='The validity period of the issued access token. Unit: seconds. Default value: 1200.', example='1200'),
      codeEffectiveTime?: long(name='CodeEffectiveTime', description='The validity period of the issued code. Unit: seconds. Default value: 60.', example='60'),
      customClaims?: [ 
        {
          claimName?: string(name='ClaimName', description='The claim name.', example='userOuIds'),
          claimValueExpression?: string(name='ClaimValueExpression', description='The expression that is used to generate the value of the claim.', example='ObjectToJsonString(user.organizationalUnits)'),
        }
      ](name='CustomClaims', description='The custom claims that are returned for the ID token.'),
      grantScopes?: [ string ](name='GrantScopes', description='The scopes of user attributes that can be returned for the UserInfo endpoint or ID token.', example='profile，email'),
      grantTypes?: [ string ](name='GrantTypes', description='The list of grant types that are supported for OIDC protocols.', example='authorization_code'),
      idTokenEffectiveTime?: long(name='IdTokenEffectiveTime', description='The validity period of the issued ID token. Unit: seconds. Default value: 300.', example='1200'),
      passwordAuthenticationSourceId?: string(name='PasswordAuthenticationSourceId', description='The ID of the identity authentication source in password mode. This parameter is returned only when the value of the GrantTypes parameter includes the password mode.', example='ia_password'),
      passwordTotpMfaRequired?: boolean(name='PasswordTotpMfaRequired', description='Indicates whether time-based one-time password (TOTP) authentication is required in password mode. This parameter is returned only when the value of the GrantTypes parameter includes the password mode.', example='true'),
      pkceChallengeMethods?: [ string ](name='PkceChallengeMethods', description='The algorithms that are used to calculate the code challenge for PKCE.', example='S256'),
      pkceRequired?: boolean(name='PkceRequired', description='Indicates whether the SSO of the application requires Proof Key for Code Exchange (PKCE) (RFC 7636).', example='true'),
      postLogoutRedirectUris?: [ string ](name='PostLogoutRedirectUris', description='The list of logout redirect URIs that are supported by the application.'),
      redirectUris?: [ string ](name='RedirectUris', description='The list of redirect URIs that are supported by the application.'),
      refreshTokenEffective?: long(name='RefreshTokenEffective', description='The validity period of the issued refresh token. Unit: seconds. Default value: 86400.', example='86400'),
      responseTypes?: [ string ](name='ResponseTypes', description='The response types that are supported by the application. This parameter is returned when the value of the GrantTypes parameter includes the implicit mode.', example='token id_token'),
      subjectIdExpression?: string(name='SubjectIdExpression', description='The custom expression that is used to generate the subject ID returned for the ID token.', example='user.userid'),
    }(name='OidcSsoConfig', description='The Open ID Connect (OIDC)-based SSO configuration attributes of the application. This parameter is returned only when the SSO protocol of the application is an OIDC protocol.'),
    protocolEndpointDomain?: {
      oauth2AuthorizationEndpoint?: string(name='Oauth2AuthorizationEndpoint', description='The OAuth2.0 authorization endpoint. This parameter is returned only when the SSO protocol of the application is an OIDC protocol.', example='https://l1seshcn.aliyunidaas.com/login/app/app_mltta64q65enci54slingvvsgq/oauth2/authorize'),
      oauth2DeviceAuthorizationEndpoint?: string(name='Oauth2DeviceAuthorizationEndpoint', description='The OAuth2.0 device authorization endpoint. This parameter is returned only when the SSO protocol of the application is an OIDC protocol.', example='https://eiam-api-cn-hangzhou.aliyuncs.com/v2/idaas_ue2jvisn35ea5lmthk2676rypm/app_mltta64q65enci54slingvvsgq/oauth2/device/code'),
      oauth2RevokeEndpoint?: string(name='Oauth2RevokeEndpoint', description='The OAuth2.0 token revocation endpoint. This parameter is returned only when the SSO protocol of the application is an OIDC protocol.', example='https://eiam-api-cn-hangzhou.aliyuncs.com/v2/idaas_ue2jvisn35ea5lmthk2676rypm/app_mltta64q65enci54slingvvsgq/oauth2/revoke'),
      oauth2TokenEndpoint?: string(name='Oauth2TokenEndpoint', description='The OAuth2.0 token endpoint. This parameter is returned only when the SSO protocol of the application is an OIDC protocol.', example='https://eiam-api-cn-hangzhou.aliyuncs.com/v2/idaas_ue2jvisn35ea5lmthk2676rypm/app_mltta64q65enci54slingvvsgq/oauth2/token'),
      oauth2UserinfoEndpoint?: string(name='Oauth2UserinfoEndpoint', description='The OIDC UserInfo endpoint. This parameter is returned only when the SSO protocol of the application is an OIDC protocol.', example='https://eiam-api-cn-hangzhou.aliyuncs.com/v2/idaas_ue2jvisn35ea5lmthk2676rypm/app_mltta64q65enci54slingvvsgq/oauth2/userinfo'),
      oidcIssuer?: string(name='OidcIssuer', description='The information about the OIDC issuer. This parameter is returned only when the SSO protocol of the application is an OIDC protocol.', example='https://eiam-api-cn-hangzhou.aliyuncs.com/v2/idaas_ue2jvisn35ea5lmthk2676rypm/app_mltta64q65enci54slingvvsgq/oidc'),
      oidcJwksEndpoint?: string(name='OidcJwksEndpoint', description='The JSON Web Key Set (JWKS) URL of the OIDC issuer. This parameter is returned only when the SSO protocol of the application is an OIDC protocol.', example='https://eiam-api-cn-hangzhou.aliyuncs.com/v2/idaas_ue2jvisn35ea5lmthk2676rypm/app_mltta64q65enci54slingvvsgq/oidc/jwks'),
      oidcLogoutEndpoint?: string(name='OidcLogoutEndpoint', description='The OIDC relying party (RP)-initiated logout endpoint. This parameter is returned only when the SSO protocol of the application is an OIDC protocol.', example='https://l1seshcn.aliyunidaas.com/login/app/app_mltta64q65enci54slingvvsgq/oauth2/logout'),
      samlMetaEndpoint?: string(name='SamlMetaEndpoint', description='The metadata URL of the SAML protocol. This parameter is returned only when the SSO protocol of the application is SAML 2.0.', example='https://l1seshcn.aliyunidaas.com/api/v2/app_mltuxdwd4lq4eer6tmtlmaxm5e/saml2/meta'),
      samlSsoEndpoint?: string(name='SamlSsoEndpoint', description='The request receiving URL of the SAML protocol. This parameter is returned only when the SSO protocol of the application is SAML 2.0.', example='https://l1seshcn.aliyunidaas.com/login/app/app_mltuxdwd4lq4eer6tmtlmaxm5e/saml2/sso'),
    }(name='ProtocolEndpointDomain', description='The configuration of the metadata endpoint provided by the application.'),
    samlSsoConfig?: {
      assertionSigned?: boolean(name='AssertionSigned', description='Whether the Assertion needs a signature. ResponseSigned and AssertionSigned cannot be false at the same time.

true: signature is required.
false: signature is not required.', example='true'),
      attributeStatements?: [ 
        {
          attributeName?: string(name='AttributeName', description='The attribute name.', example='https://www.aliyun.com/SAML-Role/Attributes/RoleSessionName'),
          attributeValueExpression?: string(name='AttributeValueExpression', description='The expression that is used to generate the value of the attribute.', example='user.username'),
        }
      ](name='AttributeStatements', description='The additional user attributes in the SAML assertion.'),
      defaultRelayState?: string(name='DefaultRelayState', description='The default value of the RelayState attribute. If the SSO request is initiated in EIAM, the RelayState attribute in the SAML response is set to this default value.', example='https://home.console.aliyun.com'),
      idPEntityId?: string(name='IdPEntityId', description='The custom issuer ID.', example='https://example.com/'),
      nameIdFormat?: string(name='NameIdFormat', description='The Format attribute of the NameID element in the SAML assertion. Valid values:

*   urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified: No format is specified. How to resolve the NameID element depends on the application.
*   urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress: The NameID element must be an email address.
*   urn:oasis:names:tc:SAML:2.0:nameid-format:persistent: The NameID element must be persistent.
*   urn:oasis:names:tc:SAML:2.0:nameid-format:transient: The NameID element must be transient.', example='urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified'),
      nameIdValueExpression?: string(name='NameIdValueExpression', description='The expression that is used to generate the value of NameID in the SAML assertion.', example='user.username'),
      optionalRelayStates?: [ 
        {
          displayName?: string(name='DisplayName', description='The display name of the RelayState', example='Ram Account SSO'),
          relayState?: string(name='RelayState', description='RelayState.The user will see the display names of multiple optional redirect addresses in the application card of the application portal. After the user clicks and completes SSO, they will automatically jump to the corresponding address. This field can only be filled in after the default redirect address is filled in.', example='https://home.console.aliyun.com'),
        }
      ](name='OptionalRelayStates', description='Optional RelayState. The user will see the display names of multiple optional redirect addresses in the application card of the application portal. After the user clicks and completes SSO, they will automatically jump to the corresponding address. This field can only be filled in after the default redirect address is filled in.'),
      responseSigned?: boolean(name='ResponseSigned', description='Whether the response needs to be signed. ResponseSigned and AssertionSigned cannot be false at the same time.

true: signature is required.
false: signature is not required.', example='true'),
      signatureAlgorithm?: string(name='SignatureAlgorithm', description='The algorithm that is used to calculate the signature for the SAML assertion.', example='RSA-SHA256'),
      spEntityId?: string(name='SpEntityId', description='The entity ID of the application in SAML. The application assumes the role of service provider.', example='urn:alibaba:cloudcomputing'),
      spSsoAcsUrl?: string(name='SpSsoAcsUrl', description='The Assertion Consumer Service (ACS) URL of the application in SAML. The application assumes the role of service provider.', example='https://signin.aliyun.com/saml-role/sso'),
    }(name='SamlSsoConfig', description='The Security Assertion Markup Language (SAML)-based SSO configuration attributes of the application. This parameter is returned only if the SSO protocol of the application is SAML 2.0.'),
    ssoStatus?: string(name='SsoStatus', description='The SSO feature status of the application. Valid values:

*   enabled: The feature is enabled.
*   disabled: The feature is disabled.', example='enabled'),
  }(name='ApplicationSsoConfig', description='The single sign-on (SSO) configuration information of the application.'),
  requestId?: string(name='RequestId', description='The ID of the request.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model GetApplicationSsoConfigResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetApplicationSsoConfigResponseBody(name='body'),
}

/**
 * @summary Queries the single sign-on (SSO) configuration attributes of an application in Identity as a Service (IDaaS) Employee IAM (EIAM).
 *
 * @param request GetApplicationSsoConfigRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetApplicationSsoConfigResponse
 */
async function getApplicationSsoConfigWithOptions(request: GetApplicationSsoConfigRequest, runtime: $RuntimeOptions): GetApplicationSsoConfigResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.applicationId)) {
    query['ApplicationId'] = request.applicationId;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'GetApplicationSsoConfig',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries the single sign-on (SSO) configuration attributes of an application in Identity as a Service (IDaaS) Employee IAM (EIAM).
 *
 * @param request GetApplicationSsoConfigRequest
 * @return GetApplicationSsoConfigResponse
 */
async function getApplicationSsoConfig(request: GetApplicationSsoConfigRequest): GetApplicationSsoConfigResponse {
  var runtime = new $RuntimeOptions{};
  return getApplicationSsoConfigWithOptions(request, runtime);
}

model GetConditionalAccessPolicyRequest {
  conditionalAccessPolicyId?: string(name='ConditionalAccessPolicyId', description='Conditional Access Policy ID

This parameter is required.', example='cap_11111'),
  instanceId?: string(name='InstanceId', description='Instance ID.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
}

model GetConditionalAccessPolicyResponseBody = {
  conditionalAccessPolicy?: {
    conditionalAccessPolicyId?: string(name='ConditionalAccessPolicyId', description='Conditional Access Policy ID', example='cp_xxxxx'),
    conditionalAccessPolicyName?: string(name='ConditionalAccessPolicyName', description='Conditional Access Policy Name', example='My Policy'),
    conditionalAccessPolicyType?: string(name='ConditionalAccessPolicyType', description='Type of the conditional access policy', example='arn:alibaba:idaas:authn:access:policy:system'),
    conditionsConfig?: {
      applications?: {
        excludeApplications?: [ string ](name='ExcludeApplications', description='Excluded applications'),
        includeApplications?: [ string ](name='IncludeApplications', description='Selected applications'),
      }(name='Applications', description='Target applications of the conditional access policy'),
      networkZones?: {
        excludeNetworkZones?: [ string ](name='ExcludeNetworkZones', description='Excluded network zones'),
        includeNetworkZones?: [ string ](name='IncludeNetworkZones', description='Included network zones'),
      }(name='NetworkZones', description='Network zones for the conditional access policy'),
      users?: {
        excludeGroups?: [ string ](name='ExcludeGroups', description='Excluded user groups'),
        excludeOrganizationalUnits?: [ string ](name='ExcludeOrganizationalUnits', description='Excluded organizations'),
        excludeUsers?: [ string ](name='ExcludeUsers', description='Excluded users'),
        includeGroups?: [ string ](name='IncludeGroups', description='Selected user groups'),
        includeOrganizationalUnits?: [ string ](name='IncludeOrganizationalUnits', description='Included organizations'),
        includeUsers?: [ string ](name='IncludeUsers', description='Selected users'),
      }(name='Users', description='Target users of the conditional access policy'),
    }(name='ConditionsConfig', description='Conditional access policy content'),
    createTime?: long(name='CreateTime', description='Creation time', example='1741857554000'),
    decisionConfig?: {
      activeSessionReuseStatus?: string(name='ActiveSessionReuseStatus', description='Whether to enable session reuse', example='enabled'),
      effect?: string(name='Effect', description='Decision action of the conditional access policy', example='allow'),
      mfaAuthenticationIntervalSeconds?: long(name='MfaAuthenticationIntervalSeconds', description='Re-authentication interval (in seconds) for the conditional access policy', example='300'),
      mfaAuthenticationMethods?: [ string ](name='MfaAuthenticationMethods', description='Allowed MFA types for the conditional access policy'),
      mfaType?: string(name='MfaType', description='MFA authentication type of the conditional access policy', example='directly_access'),
    }(name='DecisionConfig', description='Action of the conditional access policy'),
    decisionType?: string(name='DecisionType', description='Execution type of the conditional access policy', example='enforcement'),
    description?: string(name='Description', description='Description of the conditional access policy', example='ga access port for ecs: internal-cn-hangzhou-docker-builder-2(i-bp19g1pheaailkk1xvr6)'),
    evaluateAt?: string(name='EvaluateAt', description='Execution point of the conditional access policy', example='arn:alibaba:idaas:authn:access:rule:eval_at:after_step1'),
    instanceId?: string(name='InstanceId', description='Instance ID', example='idaas_qnx6fbrinlecptl5hld23lfkvy'),
    lastUpdatedTime?: long(name='LastUpdatedTime', description='Last updated time', example='1741857554000'),
    priority?: int32(name='Priority', description='Priority', example='5'),
    status?: string(name='Status', description='Enable or disable status of the conditional access policy', example='enabled'),
  }(name='ConditionalAccessPolicy', description='Details of the conditional access policy'),
  requestId?: string(name='RequestId', description='Request ID.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model GetConditionalAccessPolicyResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetConditionalAccessPolicyResponseBody(name='body'),
}

/**
 * @summary Get Conditional Access Policy
 *
 * @description Query Conditional Access Policy
 *
 * @param request GetConditionalAccessPolicyRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetConditionalAccessPolicyResponse
 */
async function getConditionalAccessPolicyWithOptions(request: GetConditionalAccessPolicyRequest, runtime: $RuntimeOptions): GetConditionalAccessPolicyResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.conditionalAccessPolicyId)) {
    query['ConditionalAccessPolicyId'] = request.conditionalAccessPolicyId;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'GetConditionalAccessPolicy',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Get Conditional Access Policy
 *
 * @description Query Conditional Access Policy
 *
 * @param request GetConditionalAccessPolicyRequest
 * @return GetConditionalAccessPolicyResponse
 */
async function getConditionalAccessPolicy(request: GetConditionalAccessPolicyRequest): GetConditionalAccessPolicyResponse {
  var runtime = new $RuntimeOptions{};
  return getConditionalAccessPolicyWithOptions(request, runtime);
}

model GetDomainRequest {
  domainId?: string(name='DomainId', description='域名ID。

This parameter is required.', example='dm_examplexxxxx'),
  instanceId?: string(name='InstanceId', description='IDaaS EIAM实例的ID。

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
}

model GetDomainResponseBody = {
  domain?: {
    createTime?: long(name='CreateTime', description='域名创建时间，Unix时间戳格式，单位为毫秒。', example='1649830226000'),
    defaultDomain?: boolean(name='DefaultDomain', description='是否默认域名。true表示实例默认域名，false表示非默认域名', example='false'),
    domain?: string(name='Domain', description='域名。', example='login.example.com'),
    domainId?: string(name='DomainId', description='域名ID。', example='dm_examplexxxxx'),
    domainType?: string(name='DomainType', description='域名类型。枚举取值:system_init(系统初始化)、user_custom(用户自定义)。', example='system_init'),
    filing?: {
      icpNumber?: string(name='IcpNumber', description='域名关联的备案号, 长度最大限制64。'),
    }(name='Filing', description='域名备案信息。'),
    instanceId?: string(name='InstanceId', description='实例ID。', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
    lockMode?: string(name='LockMode', description='域名锁定状态。枚举取值:unlock(正常)、lockByLicense(因License限制不可用)。', example='unlock'),
    updateTime?: long(name='UpdateTime', description='域名最近更新时间，Unix时间戳格式，单位为毫秒。', example='1649830226000'),
  }(name='Domain'),
  requestId?: string(name='RequestId', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model GetDomainResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetDomainResponseBody(name='body'),
}

/**
 * @summary 查询一个域名的详细信息。
 *
 * @param request GetDomainRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetDomainResponse
 */
async function getDomainWithOptions(request: GetDomainRequest, runtime: $RuntimeOptions): GetDomainResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.domainId)) {
    query['DomainId'] = request.domainId;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'GetDomain',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary 查询一个域名的详细信息。
 *
 * @param request GetDomainRequest
 * @return GetDomainResponse
 */
async function getDomain(request: GetDomainRequest): GetDomainResponse {
  var runtime = new $RuntimeOptions{};
  return getDomainWithOptions(request, runtime);
}

model GetDomainDnsChallengeRequest {
  domain?: string(name='Domain', description='域名。

This parameter is required.', example='dm_examplexxxx'),
  instanceId?: string(name='InstanceId', description='IDaaS EIAM实例的ID。

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
}

model GetDomainDnsChallengeResponseBody = {
  domainDnsChallenge?: {
    dnsChallengeName?: string(name='DnsChallengeName', description='DNS challenge名称。', example='_idaas-challenge.${domain}'),
    dnsChallengeValue?: string(name='DnsChallengeValue', description='DNS challenge值。', example='exmple123xxx'),
    dnsType?: string(name='DnsType', description='DNS记录类型。', example='枚举，目前只支持TXT类型'),
  }(name='DomainDnsChallenge'),
  requestId?: string(name='RequestId', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model GetDomainDnsChallengeResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetDomainDnsChallengeResponseBody(name='body'),
}

/**
 * @summary 查看域名的DNS Challenge记录。
 *
 * @param request GetDomainDnsChallengeRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetDomainDnsChallengeResponse
 */
async function getDomainDnsChallengeWithOptions(request: GetDomainDnsChallengeRequest, runtime: $RuntimeOptions): GetDomainDnsChallengeResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.domain)) {
    query['Domain'] = request.domain;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'GetDomainDnsChallenge',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary 查看域名的DNS Challenge记录。
 *
 * @param request GetDomainDnsChallengeRequest
 * @return GetDomainDnsChallengeResponse
 */
async function getDomainDnsChallenge(request: GetDomainDnsChallengeRequest): GetDomainDnsChallengeResponse {
  var runtime = new $RuntimeOptions{};
  return getDomainDnsChallengeWithOptions(request, runtime);
}

model GetForgetPasswordConfigurationRequest {
  instanceId?: string(name='InstanceId', description='The instance ID.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
}

model GetForgetPasswordConfigurationResponseBody = {
  openForgetPasswordConfiguration?: {
    authenticationChannels?: [ string ](name='AuthenticationChannels', description='表示忘记密码认证渠道。枚举取值:email(邮件)、sms(短信)'),
    enable?: boolean(name='Enable', description='Indicates whether the forgot password feature is enabled.', example='true'),
    enableEmail?: boolean(name='EnableEmail', description='Indicates whether email authentication is enabled for the forgot password feature.', example='true'),
    enableSms?: boolean(name='EnableSms', description='Indicates whether Short Message Service (SMS) authentication is enabled for the forgot password feature.', example='true'),
    forgetPasswordStatus?: string(name='ForgetPasswordStatus', description='表示忘记密码配置状态。枚举取值:enabled(开启)、disabled(禁用)'),
  }(name='OpenForgetPasswordConfiguration', description='The forgot password configurations.'),
  requestId?: string(name='RequestId', description='The request ID.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model GetForgetPasswordConfigurationResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetForgetPasswordConfigurationResponseBody(name='body'),
}

/**
 * @summary Queries the forgot password configurations of an Employee Identity and Access Management (EIAM) instance of Identity as a Service (IDaaS).
 *
 * @param request GetForgetPasswordConfigurationRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetForgetPasswordConfigurationResponse
 */
async function getForgetPasswordConfigurationWithOptions(request: GetForgetPasswordConfigurationRequest, runtime: $RuntimeOptions): GetForgetPasswordConfigurationResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'GetForgetPasswordConfiguration',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries the forgot password configurations of an Employee Identity and Access Management (EIAM) instance of Identity as a Service (IDaaS).
 *
 * @param request GetForgetPasswordConfigurationRequest
 * @return GetForgetPasswordConfigurationResponse
 */
async function getForgetPasswordConfiguration(request: GetForgetPasswordConfigurationRequest): GetForgetPasswordConfigurationResponse {
  var runtime = new $RuntimeOptions{};
  return getForgetPasswordConfigurationWithOptions(request, runtime);
}

model GetGroupRequest {
  groupId?: string(name='GroupId', description='The group ID.

This parameter is required.', example='group_d6sbsuumeta4h66ec3il7yxxxx'),
  instanceId?: string(name='InstanceId', description='The instance ID.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
}

model GetGroupResponseBody = {
  group?: {
    createTime?: long(name='CreateTime', description='The time at which the group was created. This value is a UNIX timestamp representing the number of milliseconds that have elapsed since January 1, 1970, 00:00:00 UTC.', example='1652085686179'),
    description?: string(name='Description', description='The description of the group.', example='test_group'),
    groupExternalId?: string(name='GroupExternalId', description='The external ID of the group, which can be used to associate the group with an external system. By default, the external ID is the group ID.', example='group_d6sbsuumeta4h66ec3il7yxxxx'),
    groupId?: string(name='GroupId', description='The group ID.', example='group_d6sbsuumeta4h66ec3il7yxxxx'),
    groupName?: string(name='GroupName', description='The name of the group.', example='group_name'),
    groupSourceId?: string(name='GroupSourceId', description='The source ID of the group. By default, the source ID is the instance ID.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
    groupSourceType?: string(name='GroupSourceType', description='The source type of the group. Only build_in may be returned, which indicates that the group was created in IDaaS.

*build_in:Create By Self.', example='build_in'),
    instanceId?: string(name='InstanceId', description='The instance ID.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
    updateTime?: long(name='UpdateTime', description='The time at which the group was last updated. This value is a UNIX timestamp representing the number of milliseconds that have elapsed since January 1, 1970, 00:00:00 UTC.', example='1652085686179'),
  }(name='Group', description='The information about the account group.'),
  requestId?: string(name='RequestId', description='The request ID.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model GetGroupResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetGroupResponseBody(name='body'),
}

/**
 * @summary Queries the information of an account group in Identity as a Service (IDaaS) Employee Identity and Access Management (EIAM).
 *
 * @param request GetGroupRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetGroupResponse
 */
async function getGroupWithOptions(request: GetGroupRequest, runtime: $RuntimeOptions): GetGroupResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.groupId)) {
    query['GroupId'] = request.groupId;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'GetGroup',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries the information of an account group in Identity as a Service (IDaaS) Employee Identity and Access Management (EIAM).
 *
 * @param request GetGroupRequest
 * @return GetGroupResponse
 */
async function getGroup(request: GetGroupRequest): GetGroupResponse {
  var runtime = new $RuntimeOptions{};
  return getGroupWithOptions(request, runtime);
}

model GetIdentityProviderRequest {
  identityProviderId?: string(name='IdentityProviderId', description='IDaaS的身份提供方主键id

This parameter is required.', example='idp_my664lwkhpicbyzirog3xxxxx'),
  instanceId?: string(name='InstanceId', description='IDaaS EIAM实例的ID。

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
}

model GetIdentityProviderResponseBody = {
  identityProviderDetail?: {
    advancedStatus?: string(name='AdvancedStatus', description='高阶配置能力', example='disabled'),
    authnSourceSupplier?: string(name='AuthnSourceSupplier', description='IDaaS EIAM 对应的认证来源产品，okta or google or azure ad', example='urn:alibaba:idaas:idp:bytedance:lark'),
    authnSourceType?: string(name='AuthnSourceType', description='IDaaS EIAM 认证方式类型 oidc or saml', example='urn:alibaba:idaas:authntype:oidc'),
    authnStatus?: string(name='AuthnStatus', description='IDaaS EIAM 对应IdP是否支持认证', example='disabled'),
    createTime?: long(name='CreateTime', description='创建时间', example='1726021079000'),
    description?: string(name='Description', description='IDaaS EIAM 身份提供方描述', example='for poc test'),
    dingtalkAppConfig?: {
      appKey?: string(name='AppKey', description='IDaaS EIAM 钉钉一方应用的AppKey', example='41reopmwoy9s'),
      appSecret?: string(name='AppSecret', description='IDaaS EIAM 钉钉一方应用的AppSecret', example='REOQ6Cl55kriOd8NOBeqWYLKpHR4p6fdZxxxx'),
      corpId?: string(name='CorpId', description='IDaaS EIAM 钉钉一方应用的corpId', example='3756043633237690761'),
      dingtalkVersion?: string(name='DingtalkVersion', description='IDaaS EIAM 钉钉版本', example='public_dingtalk'),
    }(name='DingtalkAppConfig', description='钉钉基础配置'),
    dingtalkProvisioningConfig?: {
      authedDepartmentIds?: [ 
        {
          deptId?: string(name='DeptId', description='钉钉部门Id', example='123xxx444'),
          deptName?: string(name='DeptName', description='钉钉部门名称', example='测试部门'),
        }
      ](name='AuthedDepartmentIds', description='授权的钉钉部门'),
      authedUsers?: [ 
        {
          name?: string(name='Name', description='钉钉用户名称', example='张三'),
          userId?: string(name='UserId', description='钉钉用户userId', example='130308333929200479'),
        }
      ](name='AuthedUsers', description='授权的钉钉账户列表'),
      corpId?: string(name='CorpId', description='钉钉企业corpId', example='ding_xxxxx'),
      corpName?: string(name='CorpName', description='钉钉企业名称', example='测试企业'),
    }(name='DingtalkProvisioningConfig', description='钉钉同步配置'),
    identityProviderExternalId?: string(name='IdentityProviderExternalId', description='IDaaS EIAM 身份提供方外部ID', example='idp_xxxx'),
    identityProviderId?: string(name='IdentityProviderId', description='IDaaS EIAM 身份提供方ID', example='idp_mwpcwnhrimlr2horx7xgg7pp7y'),
    identityProviderName?: string(name='IdentityProviderName', description='IDaaS EIAM 身份提供方名称', example='test'),
    identityProviderType?: string(name='IdentityProviderType', description='身份提供方同步类型', example='urn:alibaba:idaas:idp:alibaba:dingtalk:push'),
    instanceId?: string(name='InstanceId', description='IDaaS EIAM 实例Id', example='idaas_x2df3bak3uwnapqm6xxxx'),
    larkConfig?: {
      appId?: string(name='AppId', description='IDaaS EIAM 飞书自建应用的corpId', example='cli_a7a99f53a317100c'),
      appSecret?: string(name='AppSecret', description='IDaaS EIAM 飞书自建应用的AppSecret', example='***'),
      encryptKey?: string(name='EncryptKey'),
      enterpriseNumber?: string(name='EnterpriseNumber', description='IDaaS EIAM 飞书企业编码', example='FX1231xxxx'),
      verificationToken?: string(name='VerificationToken'),
    }(name='LarkConfig', description='飞书配置'),
    lastStatusCheckJobResult?: string(name='LastStatusCheckJobResult', description='最后一次状态检查结果', example='success'),
    ldapConfig?: {
      administratorPassword?: string(name='AdministratorPassword', description='管理员密码', example='XXXX'),
      administratorUsername?: string(name='AdministratorUsername', description='管理员账号', example='example.com'),
      certificateFingerprintStatus?: string(name='CertificateFingerprintStatus', description='是否验证指纹证书', example='enabled'),
      certificateFingerprints?: [ string ](name='CertificateFingerprints', description='证书指纹列表'),
      ldapProtocol?: string(name='LdapProtocol', description='通信协议', example='ldap'),
      ldapServerHost?: string(name='LdapServerHost', description='ad/ldap 服务器地址', example='127.xx.xx.100'),
      ldapServerPort?: int32(name='LdapServerPort', description='ad/ldap 服务器地址', example='389'),
      startTlsStatus?: string(name='StartTlsStatus', description='startTls是否开启', example='enabled'),
    }(name='LdapConfig', description='AD/LDAP身份提供方相关信息'),
    lockReason?: string(name='LockReason', description='锁定原因', example='financial'),
    logoUrl?: string(name='LogoUrl'),
    networkAccessEndpointId?: string(name='NetworkAccessEndpointId', description='网络端点ID', example='nae_mx4vsadfe6govkqkwckxxxx'),
    oidcConfig?: {
      authnParam?: {
        authnMethod?: string(name='AuthnMethod', description='OIDC/oAuth2 认证方法。', example='client_secret_post'),
        clientId?: string(name='ClientId', description='OIDC/oAuth2 客户端ID。', example='mkv7rgt4d7i4u7zqtzev2mxxxx'),
        clientSecret?: string(name='ClientSecret', description='OIDC/oAuth2 客户端密钥。', example='CSEHDddddddxxxxuxkJEHPveWRXBGqVqRsxxxx'),
      }(name='AuthnParam', description='OIDC客户端认证配置。'),
      endpointConfig?: {
        authorizationEndpoint?: string(name='AuthorizationEndpoint', description='oAuth2 授权端点。', example='https://example.com/oauth/authorize'),
        issuer?: string(name='Issuer', description='OIDC issuer信息。', example='https://example.com/oauth'),
        jwksUri?: string(name='JwksUri', description='OIDC jwks地址。', example='https://example.com/oauth/jwks'),
        tokenEndpoint?: string(name='TokenEndpoint', description='oAuth2 Token端点。', example='https://example.com/oauth/token'),
        userinfoEndpoint?: string(name='UserinfoEndpoint', description='OIDC 用户信息端点。', example='https://example.com/oauth/userinfo'),
      }(name='EndpointConfig', description='OIDC 端点配置。'),
      grantScopes?: [ string ](name='GrantScopes', description='OIDC标准参数，如profile、email等', example='openid'),
      grantType?: string(name='GrantType', description='OIDC授权类型。', example='authorization_code'),
      pkceChallengeMethod?: string(name='PkceChallengeMethod', description='支持的PKCE算法类型。', example='S256'),
      pkceRequired?: boolean(name='PkceRequired', description='AuthorizationCode授权模式下是否使用PKCE。', example='true'),
    }(name='OidcConfig', description='OIDC IdP配置。'),
    udPullConfig?: {
      groupSyncStatus?: string(name='GroupSyncStatus', example='disabled'),
      incrementalCallbackStatus?: string(name='IncrementalCallbackStatus', description='增量回调状态，是否处理来自IdP的增量回调数据', example='disabled'),
      udSyncScopeConfig?: {
        sourceScopes?: [ string ](name='SourceScopes', description='同步来源节点'),
        targetScope?: string(name='TargetScope', description='同步目标节点', example='ou_123xxxx'),
      }(name='UdSyncScopeConfig', description='同步入配置信息'),
    }(name='UdPullConfig', description='同步入配置'),
    udPullStatus?: string(name='UdPullStatus', description='IDaaS EIAM 是否支持UD同步', example='disabled'),
    udPushConfig?: {
      incrementalCallbackStatus?: string(name='IncrementalCallbackStatus', description='增量回调状态，是否处理来自IdP的增量回调数据', example='disabled'),
      udSyncScopeConfigs?: [ 
        {
          sourceScopes?: [ string ](name='SourceScopes', description='同步来源节点'),
          targetScope?: string(name='TargetScope', description='同步目标节点', example='ou_123xxxx'),
        }
      ](name='UdSyncScopeConfigs', description='同步出配置信息'),
    }(name='UdPushConfig', description='同步出配置'),
    udPushStatus?: string(name='UdPushStatus', description='同步出能力', example='disabled'),
    updateTime?: long(name='UpdateTime', description='更新时间', example='1726021079000'),
    weComConfig?: {
      agentId?: string(name='AgentId', description='IDaaS EIAM 企业微信自建应用的Id', example='1242350'),
      authorizeCallbackDomain?: string(name='AuthorizeCallbackDomain', description='授权回调域', example='https://example.com/xxxx'),
      corpId?: string(name='CorpId', description='IDaaS EIAM 企业微信自建应用的corpId', example='3562012953454577801'),
      corpSecret?: string(name='CorpSecret', description='IDaaS EIAM 企业微信自建应用的corpSecret', example='weaseiszjskejskaj12sjeszojxxxx'),
      trustableDomain?: string(name='TrustableDomain', description='可信域名', example='https://example.com'),
    }(name='WeComConfig', description='企业微信'),
  }(name='IdentityProviderDetail'),
  requestId?: string(name='RequestId', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model GetIdentityProviderResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetIdentityProviderResponseBody(name='body'),
}

/**
 * @summary 获取身份提供方
 *
 * @param request GetIdentityProviderRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetIdentityProviderResponse
 */
async function getIdentityProviderWithOptions(request: GetIdentityProviderRequest, runtime: $RuntimeOptions): GetIdentityProviderResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.identityProviderId)) {
    query['IdentityProviderId'] = request.identityProviderId;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'GetIdentityProvider',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary 获取身份提供方
 *
 * @param request GetIdentityProviderRequest
 * @return GetIdentityProviderResponse
 */
async function getIdentityProvider(request: GetIdentityProviderRequest): GetIdentityProviderResponse {
  var runtime = new $RuntimeOptions{};
  return getIdentityProviderWithOptions(request, runtime);
}

model GetIdentityProviderUdPullConfigurationRequest {
  identityProviderId?: string(name='IdentityProviderId', description='IDaaS的身份提供方主键id

This parameter is required.', example='idp_my664lwkhpicbyzirog3xxxxx'),
  instanceId?: string(name='InstanceId', description='IDaaS EIAM实例的ID。

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
}

model GetIdentityProviderUdPullConfigurationResponseBody = {
  requestId?: string(name='RequestId', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
  udPullConfiguration?: {
    groupSyncStatus?: string(name='GroupSyncStatus', description='组同步状态', example='enabled'),
    identityProviderId?: string(name='IdentityProviderId', description='IDaaS EIAM 身份提供方ID', example='idp_my664lwkhpicbyzirog3xxxxx'),
    incrementalCallbackStatus?: string(name='IncrementalCallbackStatus', description='增量回调状态，是否处理来自IdP的增量回调数据', example='enabled'),
    instanceId?: string(name='InstanceId', description='IDaaS EIAM 实例Id', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
    ldapUdPullConfig?: {
      groupMemberAttributeName?: string(name='GroupMemberAttributeName', description='组成员标识', example='group'),
      groupObjectClass?: string(name='GroupObjectClass', description='组objectClass', example='member'),
      groupObjectClassCustomFilter?: string(name='GroupObjectClassCustomFilter', description='组自定义Filter', example='(|(cn=test)(group=test@test.com))'),
      organizationUnitObjectClass?: string(name='OrganizationUnitObjectClass', description='组织objectClass', example='ou,top'),
      userObjectClass?: string(name='UserObjectClass', description='用户objectClass', example='ou,top'),
      userObjectClassCustomFilter?: string(name='UserObjectClassCustomFilter', description='用户自定义Filter', example='(|(cn=test)(mail=test@test.com))'),
    }(name='LdapUdPullConfig', description='ldap同步侧相关配置信息'),
    periodicSyncConfig?: {
      periodicSyncCron?: string(name='PeriodicSyncCron', example='0 45 1 * * ?'),
      periodicSyncTimes?: int32(name='PeriodicSyncTimes'),
      periodicSyncType?: string(name='PeriodicSyncType', example='cron'),
    }(name='PeriodicSyncConfig'),
    periodicSyncStatus?: string(name='PeriodicSyncStatus', example='enabled'),
    pullProtectedRule?: {
      groupDeletedThreshold?: int32(name='GroupDeletedThreshold', description='同步保护规则-删除组数量', example='10'),
      organizationalUnitDeletedThreshold?: int32(name='OrganizationalUnitDeletedThreshold', description='IDaaS EIAM 钉钉一方应用同步保护规则-删除组织数量', example='10'),
      userDeletedThreshold?: int32(name='UserDeletedThreshold', description='IDaaS EIAM 钉钉一方应用同步保护规则-删除账户数量', example='30'),
    }(name='PullProtectedRule', description='同步入用户映射字段配置列表'),
    udSyncScopeConfig?: {
      sourceScopes?: [ string ](name='SourceScopes', description='同步来源节点'),
      targetScope?: string(name='TargetScope', description='同步目标节点', example='ou_asjdfhaskfhw213mnsj33sXXX'),
    }(name='UdSyncScopeConfig', description='同步入配置信息'),
  }(name='UdPullConfiguration'),
}

model GetIdentityProviderUdPullConfigurationResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetIdentityProviderUdPullConfigurationResponseBody(name='body'),
}

/**
 * @summary 获取IdP同步入配置
 *
 * @param request GetIdentityProviderUdPullConfigurationRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetIdentityProviderUdPullConfigurationResponse
 */
async function getIdentityProviderUdPullConfigurationWithOptions(request: GetIdentityProviderUdPullConfigurationRequest, runtime: $RuntimeOptions): GetIdentityProviderUdPullConfigurationResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.identityProviderId)) {
    query['IdentityProviderId'] = request.identityProviderId;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'GetIdentityProviderUdPullConfiguration',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary 获取IdP同步入配置
 *
 * @param request GetIdentityProviderUdPullConfigurationRequest
 * @return GetIdentityProviderUdPullConfigurationResponse
 */
async function getIdentityProviderUdPullConfiguration(request: GetIdentityProviderUdPullConfigurationRequest): GetIdentityProviderUdPullConfigurationResponse {
  var runtime = new $RuntimeOptions{};
  return getIdentityProviderUdPullConfigurationWithOptions(request, runtime);
}

model GetInstanceRequest {
  instanceId?: string(name='InstanceId', description='The instance ID.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
}

model GetInstanceResponseBody = {
  instance?: {
    createTime?: long(name='CreateTime', description='The time when the instance was created. This value is a UNIX timestamp representing the number of milliseconds that have elapsed since January 1, 1970, 00:00:00 UTC.', example='1550115455000'),
    defaultEndpoint?: {
      endpoint?: string(name='Endpoint', description='The endpoint of the instance.', example='example-xxx.aliyunidaas.com'),
      status?: string(name='Status', description='The status of the endpoint. Valid values:

*   resolved
*   unresolved', example='resolved'),
    }(name='DefaultEndpoint', description='The default endpoint of the instance.'),
    description?: string(name='Description', description='The description of the instance.', example='test_description'),
    domainConfig?: {
      defaultDomain?: string(name='DefaultDomain', description='The default domain of the instance.', example='example-xxx.example.com'),
      initDomain?: string(name='InitDomain', description='The init domain of the instance.', example='example-xxx.aliyunidaas.com'),
      initDomainAutoRedirectStatus?: string(name='InitDomainAutoRedirectStatus', description='Valid values:

*   true
*   false', example='true'),
    }(name='DomainConfig', description='The default domain of the instance.'),
    egressAddresses?: [ string ](name='EgressAddresses', description='The outbound public CIDR blocks of the instance. For example, when you synchronize Active Directory (AD) accounts, the IDaaS EIAM instance accesses your AD service by using the outbound public CIDR blocks.'),
    instanceId?: string(name='InstanceId', description='The instance ID.', example='idaas_abt3pfwojojcq323si6g5xxxxx'),
    status?: string(name='Status', description='The status of the instance. Valid values:

*   creating
*   running', example='running'),
  }(name='Instance', description='The details of the instance.'),
  requestId?: string(name='RequestId', description='The request ID.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model GetInstanceResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetInstanceResponseBody(name='body'),
}

/**
 * @summary Queries the information of an Enterprise Identity and Access Management (EIAM) instance of Identity as a Service (IDaaS).
 *
 * @param request GetInstanceRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetInstanceResponse
 */
async function getInstanceWithOptions(request: GetInstanceRequest, runtime: $RuntimeOptions): GetInstanceResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'GetInstance',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries the information of an Enterprise Identity and Access Management (EIAM) instance of Identity as a Service (IDaaS).
 *
 * @param request GetInstanceRequest
 * @return GetInstanceResponse
 */
async function getInstance(request: GetInstanceRequest): GetInstanceResponse {
  var runtime = new $RuntimeOptions{};
  return getInstanceWithOptions(request, runtime);
}

model GetInstanceLicenseRequest {
  instanceId?: string(name='InstanceId', description='Instance ID

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk2676xxxx'),
}

model GetInstanceLicenseResponseBody = {
  license?: {
    edition?: string(name='Edition', description='Edition of the License', example='free'),
    endTime?: long(name='EndTime', description='End date of the validity period of the License, timestamp', example='1723996800000'),
    licenseChargeType?: string(name='LicenseChargeType', description='Payment type of the License', example='prepay'),
    licenseConfigJson?: string(name='LicenseConfigJson', description='Detailed configuration JSON string of the License', example='{"modules":[{"features":[{"name":"urn:alibaba:idaas:license:module:ud:customField","status":"enabled"}]……{"name":"urn:alibaba:idaas:license:tag:enterprise","status":"enabled"}],"version":"1.0"}'),
    licenseCreateTime?: long(name='LicenseCreateTime', description='Creation time of the License, timestamp', example='1720509699000'),
    licenseId?: string(name='LicenseId', description='Unique identifier of the License', example='license_1234xxxx'),
    licenseStatus?: string(name='LicenseStatus', description='Status of the License', example='valid'),
    purchaseChannel?: string(name='PurchaseChannel', description='Purchase channel of the License', example='alibaba_cloud'),
    purchaseInstanceId?: string(name='PurchaseInstanceId', description='Unique external product identifier corresponding to the License', example='eiam-cn-xxxxx'),
    startTime?: long(name='StartTime', description='Start date of the validity period of the License, timestamp', example='1720509699000'),
    userQuota?: long(name='UserQuota', description='User quota of the License', example='100'),
  }(name='License', description='Returned result.'),
  requestId?: string(name='RequestId', description='Request ID', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model GetInstanceLicenseResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetInstanceLicenseResponseBody(name='body'),
}

/**
 * @summary Query the currently effective License information of the instance
 *
 * @description Please ensure that your current instance is no longer in use. When the EIAM instance is deleted, all related data will be deleted.
 *
 * @param request GetInstanceLicenseRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetInstanceLicenseResponse
 */
async function getInstanceLicenseWithOptions(request: GetInstanceLicenseRequest, runtime: $RuntimeOptions): GetInstanceLicenseResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'GetInstanceLicense',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Query the currently effective License information of the instance
 *
 * @description Please ensure that your current instance is no longer in use. When the EIAM instance is deleted, all related data will be deleted.
 *
 * @param request GetInstanceLicenseRequest
 * @return GetInstanceLicenseResponse
 */
async function getInstanceLicense(request: GetInstanceLicenseRequest): GetInstanceLicenseResponse {
  var runtime = new $RuntimeOptions{};
  return getInstanceLicenseWithOptions(request, runtime);
}

model GetNetworkAccessEndpointRequest {
  instanceId?: string(name='InstanceId', description='IDaaS EIAM实例的ID。

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
  networkAccessEndpointId?: string(name='NetworkAccessEndpointId', description='专属网络端点ID。

This parameter is required.', example='nae-examplexxxx'),
}

model GetNetworkAccessEndpointResponseBody = {
  networkAccessEndpoint?: {
    createTime?: long(name='CreateTime', description='专属网络端点创建时间，Unix时间戳格式，单位为毫秒。', example='1649830226000'),
    egressPrivateIpAddresses?: [ string ](name='EgressPrivateIpAddresses', description='网络访问端私网出口IP地址列表。', example='172.168.x.x'),
    egressPublicIpAddresses?: [ string ](name='EgressPublicIpAddresses', description='网络访问端点公网出口IP地址段', example='8.xx.xx.xxx/27'),
    instanceId?: string(name='InstanceId', description='实例ID。', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
    networkAccessEndpointId?: string(name='NetworkAccessEndpointId', description='专属网络端点ID。', example='nae_examplexxx'),
    networkAccessEndpointName?: string(name='NetworkAccessEndpointName', description='专属网络端点名称。', example='xx业务VPC访问端点'),
    networkAccessEndpointType?: string(name='NetworkAccessEndpointType', description='专属网络端点连接的类型。', example='private'),
    securityGroupId?: string(name='SecurityGroupId', description='专属网络端点使用的安全组ID。', example='sg-examplexxx'),
    status?: string(name='Status', description='专属网络端点状态。', example='running'),
    updateTime?: long(name='UpdateTime', description='专属网络端点最近更新时间，Unix时间戳格式，单位为毫秒。', example='1649830226000'),
    vSwitchIds?: [ string ](name='VSwitchIds', description='专属网络端点连接的指定vSwitch列表。', example='vsw-examplexxx'),
    vpcId?: string(name='VpcId', description='专属网络端点连接的VpcID。', example='vpc-examplexxx'),
    vpcRegionId?: string(name='VpcRegionId', description='专属网络端点连接的Vpc所属地域。', example='cn-hangzhou'),
  }(name='NetworkAccessEndpoint'),
  requestId?: string(name='RequestId', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model GetNetworkAccessEndpointResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetNetworkAccessEndpointResponseBody(name='body'),
}

/**
 * @summary 查询一个专属网络端点的详细信息。
 *
 * @param request GetNetworkAccessEndpointRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetNetworkAccessEndpointResponse
 */
async function getNetworkAccessEndpointWithOptions(request: GetNetworkAccessEndpointRequest, runtime: $RuntimeOptions): GetNetworkAccessEndpointResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  if (!$isNull(request.networkAccessEndpointId)) {
    query['NetworkAccessEndpointId'] = request.networkAccessEndpointId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'GetNetworkAccessEndpoint',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary 查询一个专属网络端点的详细信息。
 *
 * @param request GetNetworkAccessEndpointRequest
 * @return GetNetworkAccessEndpointResponse
 */
async function getNetworkAccessEndpoint(request: GetNetworkAccessEndpointRequest): GetNetworkAccessEndpointResponse {
  var runtime = new $RuntimeOptions{};
  return getNetworkAccessEndpointWithOptions(request, runtime);
}

model GetOrganizationalUnitRequest {
  instanceId?: string(name='InstanceId', description='The ID of the instance.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
  organizationalUnitId?: string(name='OrganizationalUnitId', description='The ID of the organizational unit.

This parameter is required.', example='ou_wovwffm62xifdziem7an7xxxxx'),
}

model GetOrganizationalUnitResponseBody = {
  organizationalUnit?: {
    createTime?: long(name='CreateTime', description='The time when the organizational unit was created. This value is a UNIX timestamp. Unit: milliseconds.', example='1652085686179'),
    description?: string(name='Description', description='The description of the organizational unit.', example='Test organizational unit'),
    instanceId?: string(name='InstanceId', description='The ID of the instance.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
    leaf?: boolean(name='Leaf', description='Indicates whether the node is a leaf node.', example='false'),
    organizationalUnitExternalId?: string(name='OrganizationalUnitExternalId', description='The external ID of the organizational unit. The external ID can be used by external data to map the data of the organizational unit in IDaaS EIAM. By default, the external ID is the organizational unit ID.

For organizational units with the same source type and source ID, each organizational unit has a unique external ID.', example='ou_wovwffm62xifdziem7an7xxxxx'),
    organizationalUnitId?: string(name='OrganizationalUnitId', description='The ID of the organizational unit.', example='ou_wovwffm62xifdziem7an7xxxxx'),
    organizationalUnitName?: string(name='OrganizationalUnitName', description='组织名称。', example='test_organizationalUnit_name'),
    organizationalUnitSourceId?: string(name='OrganizationalUnitSourceId', description='The source ID of the organizational unit.

If the organizational unit was created in IDaaS, its source ID is the ID of the IDaaS instance. If the organizational unit was imported, its source ID is the enterprise ID in the source. For example, if the organizational unit was imported from DingTalk, its source ID is the corpId value of the enterprise in DingTalk.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
    organizationalUnitSourceType?: string(name='OrganizationalUnitSourceType', description='The source type of the organizational unit. Valid values:

*   build_in: The organizational unit was created in IDaaS.
*   ding_talk: The organizational unit was imported from DingTalk.
*   ad: The organizational unit was imported from Microsoft Active Directory (AD).
*   ldap: The organizational unit was imported from a Lightweight Directory Access Protocol (LDAP) service.', example='build_in'),
    parentId?: string(name='ParentId', description='The ID of the parent organizational unit.', example='ou_wovwffm62xifdziem7an7xxxxx'),
    updateTime?: long(name='UpdateTime', description='The time when the organizational unit was last updated. The value is a UNIX timestamp. Unit: milliseconds.', example='1652085686179'),
  }(name='OrganizationalUnit', description='The data object of the organizational unit.'),
  requestId?: string(name='RequestId', description='The ID of the request.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model GetOrganizationalUnitResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetOrganizationalUnitResponseBody(name='body'),
}

/**
 * @summary Queries the information about an organizational unit in Identity as a Service (IDaaS) Employee IAM (EIAM).
 *
 * @param request GetOrganizationalUnitRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetOrganizationalUnitResponse
 */
async function getOrganizationalUnitWithOptions(request: GetOrganizationalUnitRequest, runtime: $RuntimeOptions): GetOrganizationalUnitResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  if (!$isNull(request.organizationalUnitId)) {
    query['OrganizationalUnitId'] = request.organizationalUnitId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'GetOrganizationalUnit',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries the information about an organizational unit in Identity as a Service (IDaaS) Employee IAM (EIAM).
 *
 * @param request GetOrganizationalUnitRequest
 * @return GetOrganizationalUnitResponse
 */
async function getOrganizationalUnit(request: GetOrganizationalUnitRequest): GetOrganizationalUnitResponse {
  var runtime = new $RuntimeOptions{};
  return getOrganizationalUnitWithOptions(request, runtime);
}

model GetPasswordComplexityConfigurationRequest {
  instanceId?: string(name='InstanceId', description='The instance ID.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
}

model GetPasswordComplexityConfigurationResponseBody = {
  passwordComplexityConfiguration?: {
    passwordComplexityRules?: [ 
      {
        passwordCheckType?: string(name='PasswordCheckType', description='The type of the password check. Valid values:

*   inclusion_upper_case: The password must contain uppercase letters.
*   inclusion_lower_case: The password must contain lowercase letters.
*   inclusion_special_case: The password must contain one or more of the following special characters: @ % + \\\\ / \\\\" ! # $ ^ ? : , ( ) { } [ ] ~ - _ .
*   inclusion_number: The password must contain digits.
*   exclusion_username: The password cannot contain a username.
*   exclusion_email: The password cannot contain an email prefix.
*   exclusion_phone_number: The password cannot contain a mobile number.
*   exclusion_display_name: The password cannot contain a display name.', example='inclusion_upper_case'),
      }
    ](name='PasswordComplexityRules', description='The password complexity rules.'),
    passwordMinLength?: int32(name='PasswordMinLength', description='The minimum number of characters in a password.', example='3'),
  }(name='PasswordComplexityConfiguration', description='The password complexity configurations.'),
  requestId?: string(name='RequestId', description='The request ID.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model GetPasswordComplexityConfigurationResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetPasswordComplexityConfigurationResponseBody(name='body'),
}

/**
 * @summary Queries the password complexity configurations of an Employee Identity and Access Management (EIAM) instance of Identity as a Service (IDaaS).
 *
 * @param request GetPasswordComplexityConfigurationRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetPasswordComplexityConfigurationResponse
 */
async function getPasswordComplexityConfigurationWithOptions(request: GetPasswordComplexityConfigurationRequest, runtime: $RuntimeOptions): GetPasswordComplexityConfigurationResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'GetPasswordComplexityConfiguration',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries the password complexity configurations of an Employee Identity and Access Management (EIAM) instance of Identity as a Service (IDaaS).
 *
 * @param request GetPasswordComplexityConfigurationRequest
 * @return GetPasswordComplexityConfigurationResponse
 */
async function getPasswordComplexityConfiguration(request: GetPasswordComplexityConfigurationRequest): GetPasswordComplexityConfigurationResponse {
  var runtime = new $RuntimeOptions{};
  return getPasswordComplexityConfigurationWithOptions(request, runtime);
}

model GetPasswordExpirationConfigurationRequest {
  instanceId?: string(name='InstanceId', description='The ID of the instance.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
}

model GetPasswordExpirationConfigurationResponseBody = {
  passwordExpirationConfiguration?: {
    effectiveAuthenticationSourceIds?: [ string ](name='EffectiveAuthenticationSourceIds', description='The list of valid authentication IDs. The default is all ["ia_all"]

ia_all: All. If you fill in this value, you cannot fill in other values

ia_password: Account password login

ia_otp_sms: SMS verification code login method

ia_webauthn: WebAuthn authenticator login method

idp_xxx: Specific identity provider authentication method'),
    passwordExpirationAction?: string(name='PasswordExpirationAction', description='The action to take when a password expires. Valid values:

*   forbid_login: Prohibit the user from using the password to log on to IDaaS.
*   force_update_password: Force the user to change the password.
*   remind_update_password: Remind the user to change the password.', example='forbid_login'),
    passwordExpirationNotificationChannels?: [ string ](name='PasswordExpirationNotificationChannels', description='The methods for receiving password expiration notifications.', example='login'),
    passwordExpirationNotificationDuration?: int32(name='PasswordExpirationNotificationDuration', description='The number of days before the expiration date during which password expiration notifications are sent. Unit: day.', example='7'),
    passwordExpirationNotificationStatus?: string(name='PasswordExpirationNotificationStatus', description='Indicates whether the password expiration notification feature is enabled. Valid values:

*   enabled
*   disabled', example='enabled'),
    passwordExpirationStatus?: string(name='PasswordExpirationStatus', description='Indicates whether the password expiration feature is enabled. Valid values:

*   enabled
*   disabled', example='enabled'),
    passwordForcedUpdateDuration?: int32(name='PasswordForcedUpdateDuration', description='The number of days before which users must change the password to prevent password expiration. Unit: day.', example='3'),
    passwordValidMaxDay?: int32(name='PasswordValidMaxDay', description='The validity period of a password. Unit: day.', example='180'),
  }(name='PasswordExpirationConfiguration', description='The password expiration configurations.'),
  requestId?: string(name='RequestId', description='The ID of the request.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model GetPasswordExpirationConfigurationResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetPasswordExpirationConfigurationResponseBody(name='body'),
}

/**
 * @summary Queries the password expiration configurations of an Employee Identity and Access Management (EIAM) instance of Identity as a Service (IDaaS).
 *
 * @param request GetPasswordExpirationConfigurationRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetPasswordExpirationConfigurationResponse
 */
async function getPasswordExpirationConfigurationWithOptions(request: GetPasswordExpirationConfigurationRequest, runtime: $RuntimeOptions): GetPasswordExpirationConfigurationResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'GetPasswordExpirationConfiguration',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries the password expiration configurations of an Employee Identity and Access Management (EIAM) instance of Identity as a Service (IDaaS).
 *
 * @param request GetPasswordExpirationConfigurationRequest
 * @return GetPasswordExpirationConfigurationResponse
 */
async function getPasswordExpirationConfiguration(request: GetPasswordExpirationConfigurationRequest): GetPasswordExpirationConfigurationResponse {
  var runtime = new $RuntimeOptions{};
  return getPasswordExpirationConfigurationWithOptions(request, runtime);
}

model GetPasswordHistoryConfigurationRequest {
  instanceId?: string(name='InstanceId', description='The instance ID.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
}

model GetPasswordHistoryConfigurationResponseBody = {
  passwordHistoryConfiguration?: {
    passwordHistoryMaxRetention?: int32(name='PasswordHistoryMaxRetention', description='The maximum number of recent passwords that are retained.', example='3'),
    passwordHistoryStatus?: string(name='PasswordHistoryStatus', description='Indicates whether the password history feature is enabled. Valid values:

*   enabled
*   disabled', example='enabled'),
  }(name='PasswordHistoryConfiguration', description='The password history configurations.'),
  requestId?: string(name='RequestId', description='The request ID.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model GetPasswordHistoryConfigurationResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetPasswordHistoryConfigurationResponseBody(name='body'),
}

/**
 * @summary Queries the password history configurations of an Employee Identity and Access Management (EIAM) instance of Identity as a Service (IDaaS).
 *
 * @param request GetPasswordHistoryConfigurationRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetPasswordHistoryConfigurationResponse
 */
async function getPasswordHistoryConfigurationWithOptions(request: GetPasswordHistoryConfigurationRequest, runtime: $RuntimeOptions): GetPasswordHistoryConfigurationResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'GetPasswordHistoryConfiguration',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries the password history configurations of an Employee Identity and Access Management (EIAM) instance of Identity as a Service (IDaaS).
 *
 * @param request GetPasswordHistoryConfigurationRequest
 * @return GetPasswordHistoryConfigurationResponse
 */
async function getPasswordHistoryConfiguration(request: GetPasswordHistoryConfigurationRequest): GetPasswordHistoryConfigurationResponse {
  var runtime = new $RuntimeOptions{};
  return getPasswordHistoryConfigurationWithOptions(request, runtime);
}

model GetPasswordInitializationConfigurationRequest {
  instanceId?: string(name='InstanceId', description='The instance ID.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
}

model GetPasswordInitializationConfigurationResponseBody = {
  passwordInitializationConfiguration?: {
    passwordForcedUpdateStatus?: string(name='PasswordForcedUpdateStatus', description='Indicates whether forcible password change upon first logon is enabled. Valid values:

*   enabled
*   disabled', example='enabled'),
    passwordInitializationNotificationChannels?: [ string ](name='PasswordInitializationNotificationChannels', description='The methods for receiving password initialization notifications.', example='email'),
    passwordInitializationStatus?: string(name='PasswordInitializationStatus', description='Indicates whether the password initialization feature is enabled. Valid values:

*   enabled
*   disabled', example='enabled'),
    passwordInitializationType?: string(name='PasswordInitializationType', description='The password initialization method. Set the value to random.

*   random: A randomly generated password is used.', example='random'),
  }(name='PasswordInitializationConfiguration', description='The password initialization configurations.'),
  requestId?: string(name='RequestId', description='The request ID.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model GetPasswordInitializationConfigurationResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetPasswordInitializationConfigurationResponseBody(name='body'),
}

/**
 * @summary Queries the password initialization configurations of an Employee Identity and Access Management (EIAM) instance of Identity as a Service (IDaaS).
 *
 * @param request GetPasswordInitializationConfigurationRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetPasswordInitializationConfigurationResponse
 */
async function getPasswordInitializationConfigurationWithOptions(request: GetPasswordInitializationConfigurationRequest, runtime: $RuntimeOptions): GetPasswordInitializationConfigurationResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'GetPasswordInitializationConfiguration',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries the password initialization configurations of an Employee Identity and Access Management (EIAM) instance of Identity as a Service (IDaaS).
 *
 * @param request GetPasswordInitializationConfigurationRequest
 * @return GetPasswordInitializationConfigurationResponse
 */
async function getPasswordInitializationConfiguration(request: GetPasswordInitializationConfigurationRequest): GetPasswordInitializationConfigurationResponse {
  var runtime = new $RuntimeOptions{};
  return getPasswordInitializationConfigurationWithOptions(request, runtime);
}

model GetRootOrganizationalUnitRequest {
  instanceId?: string(name='InstanceId', description='The ID of the instance.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
}

model GetRootOrganizationalUnitResponseBody = {
  organizationalUnit?: {
    createTime?: long(name='CreateTime', description='The time when the organizational unit was created. This value is a UNIX timestamp. Unit: milliseconds.', example='1652085686179'),
    description?: string(name='Description', description='The description of the organizational unit.', example='Test organizational unit'),
    instanceId?: string(name='InstanceId', description='The ID of the instance.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
    organizationalUnitId?: string(name='OrganizationalUnitId', description='The ID of the organizational unit.', example='ou_wovwffm62xifdziem7an7xxxxx'),
    organizationalUnitName?: string(name='OrganizationalUnitName', description='The name of the organization.', example='name001'),
    updateTime?: long(name='UpdateTime', description='The time when the organizational unit was last updated. The value is a UNIX timestamp. Unit: milliseconds.', example='1652085686179'),
  }(name='OrganizationalUnit', description='The data object of the organizational unit.'),
  requestId?: string(name='RequestId', description='The ID of the request.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model GetRootOrganizationalUnitResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetRootOrganizationalUnitResponseBody(name='body'),
}

/**
 * @summary Queries the information about the root organizational unit in Identity as a Service (IDaaS) Employee IAM (EIAM).
 *
 * @param request GetRootOrganizationalUnitRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetRootOrganizationalUnitResponse
 */
async function getRootOrganizationalUnitWithOptions(request: GetRootOrganizationalUnitRequest, runtime: $RuntimeOptions): GetRootOrganizationalUnitResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'GetRootOrganizationalUnit',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries the information about the root organizational unit in Identity as a Service (IDaaS) Employee IAM (EIAM).
 *
 * @param request GetRootOrganizationalUnitRequest
 * @return GetRootOrganizationalUnitResponse
 */
async function getRootOrganizationalUnit(request: GetRootOrganizationalUnitRequest): GetRootOrganizationalUnitResponse {
  var runtime = new $RuntimeOptions{};
  return getRootOrganizationalUnitWithOptions(request, runtime);
}

model GetSynchronizationJobRequest {
  instanceId?: string(name='InstanceId', description='IDaaS EIAM实例的ID。

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
  synchronizationJobId?: string(name='SynchronizationJobId', description='同步任务ID

This parameter is required.', example='sync_0000347vjovtcf41li0fgsd98gn24q9njxxxxx'),
}

model GetSynchronizationJobResponseBody = {
  requestId?: string(name='RequestId', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
  synchronizationJob?: {
    direction?: string(name='Direction', description='同步任务方向', example='ingress'),
    endTime?: long(name='EndTime', description='同步结束时间', example='1649830226000'),
    result?: {
      errorCode?: string(name='ErrorCode', description='同步结果错误码', example='ErrorCodeNotFound'),
      errorMessage?: string(name='ErrorMessage', description='同步结果错误信息描述'),
      groupMemberStatistics?: {
        binded?: {
          failed?: long(name='Failed', description='失败数目', example='10'),
          skipped?: long(name='Skipped', description='跳过数目', example='10'),
          success?: long(name='Success', description='成功数目', example='10'),
          total?: long(name='Total', description='总共数目', example='30'),
        }(name='Binded', description='绑定结果统计'),
        created?: {
          failed?: long(name='Failed', description='失败数目', example='10'),
          skipped?: long(name='Skipped', description='跳过数目', example='10'),
          success?: long(name='Success', description='成功数目', example='10'),
          total?: long(name='Total', description='总共数目', example='30'),
        }(name='Created', description='创建结果统计'),
        deleted?: {
          failed?: long(name='Failed', description='失败数目', example='10'),
          skipped?: long(name='Skipped', description='跳过数目', example='10'),
          success?: long(name='Success', description='成功数目', example='10'),
          total?: long(name='Total', description='总共数目', example='30'),
        }(name='Deleted', description='删除结果统计'),
        pushed?: {
          failed?: long(name='Failed', description='失败数目', example='10'),
          skipped?: long(name='Skipped', description='跳过数目', example='10'),
          success?: long(name='Success', description='成功数目', example='10'),
          total?: long(name='Total', description='总共数目', example='30'),
        }(name='Pushed', description='推送结果统计'),
        same?: {
          failed?: long(name='Failed', description='失败数目', example='10'),
          skipped?: long(name='Skipped', description='跳过数目', example='10'),
          success?: long(name='Success', description='成功数目', example='10'),
          total?: long(name='Total', description='总共数目', example='30'),
        }(name='Same', description='相同结果统计'),
        updated?: {
          failed?: long(name='Failed', description='失败数目', example='10'),
          skipped?: long(name='Skipped', description='跳过数目', example='10'),
          success?: long(name='Success', description='成功数目', example='10'),
          total?: long(name='Total', description='总共数目', example='30'),
        }(name='Updated', description='更新结果统计'),
      }(name='GroupMemberStatistics', description='组成员同步结果统计'),
      groupStatistics?: {
        binded?: {
          failed?: long(name='Failed', description='失败数目', example='10'),
          skipped?: long(name='Skipped', description='跳过数目', example='10'),
          success?: long(name='Success', description='成功数目', example='10'),
          total?: long(name='Total', description='总共数目', example='30'),
        }(name='Binded', description='绑定结果统计'),
        created?: {
          failed?: long(name='Failed', description='失败数目', example='10'),
          skipped?: long(name='Skipped', description='跳过数目', example='10'),
          success?: long(name='Success', description='成功数目', example='10'),
          total?: long(name='Total', description='总共数目', example='30'),
        }(name='Created', description='创建结果统计'),
        deleted?: {
          failed?: long(name='Failed', description='失败数目', example='10'),
          skipped?: long(name='Skipped', description='跳过数目', example='10'),
          success?: long(name='Success', description='成功数目', example='10'),
          total?: long(name='Total', description='总共数目', example='30'),
        }(name='Deleted', description='删除结果统计'),
        pushed?: {
          failed?: long(name='Failed', description='失败数目', example='10'),
          skipped?: long(name='Skipped', description='跳过数目', example='10'),
          success?: long(name='Success', description='成功数目', example='10'),
          total?: long(name='Total', description='总共数目', example='30'),
        }(name='Pushed', description='推送结果统计'),
        same?: {
          failed?: long(name='Failed', description='失败数目', example='10'),
          skipped?: long(name='Skipped', description='跳过数目', example='10'),
          success?: long(name='Success', description='成功数目', example='10'),
          total?: long(name='Total', description='总共数目', example='30'),
        }(name='Same', description='相同结果统计'),
        updated?: {
          failed?: long(name='Failed', description='失败数目', example='10'),
          skipped?: long(name='Skipped', description='跳过数目', example='10'),
          success?: long(name='Success', description='成功数目', example='10'),
          total?: long(name='Total', description='总共数目', example='30'),
        }(name='Updated', description='更新结果统计'),
      }(name='GroupStatistics', description='组同步结果统计'),
      organizationalUnitStatistics?: {
        binded?: {
          failed?: long(name='Failed', description='失败数目', example='10'),
          skipped?: long(name='Skipped', description='跳过数目', example='10'),
          success?: long(name='Success', description='成功数目', example='10'),
          total?: long(name='Total', description='总共数目', example='30'),
        }(name='Binded', description='绑定结果统计'),
        created?: {
          failed?: long(name='Failed', description='失败数目', example='10'),
          skipped?: long(name='Skipped', description='跳过数目', example='10'),
          success?: long(name='Success', description='成功数目', example='10'),
          total?: long(name='Total', description='总共数目', example='30'),
        }(name='Created', description='创建结果统计'),
        deleted?: {
          failed?: long(name='Failed', description='失败数目', example='10'),
          skipped?: long(name='Skipped', description='跳过数目', example='10'),
          success?: long(name='Success', description='成功数目', example='10'),
          total?: long(name='Total', description='总共数目', example='30'),
        }(name='Deleted', description='删除结果统计'),
        pushed?: {
          failed?: long(name='Failed', description='失败数目', example='10'),
          skipped?: long(name='Skipped', description='跳过数目', example='10'),
          success?: long(name='Success', description='成功数目', example='10'),
          total?: long(name='Total', description='总共数目', example='30'),
        }(name='Pushed', description='推送结果统计'),
        same?: {
          failed?: long(name='Failed', description='失败数目', example='10'),
          skipped?: long(name='Skipped', description='跳过数目', example='10'),
          success?: long(name='Success', description='成功数目', example='10'),
          total?: long(name='Total', description='总共数目', example='30'),
        }(name='Same', description='相同结果统计'),
        updated?: {
          failed?: long(name='Failed', description='失败数目', example='10'),
          skipped?: long(name='Skipped', description='跳过数目', example='10'),
          success?: long(name='Success', description='成功数目', example='10'),
          total?: long(name='Total', description='总共数目', example='30'),
        }(name='Updated', description='更新结果统计'),
      }(name='OrganizationalUnitStatistics', description='组织同步结果统计'),
      userStatistics?: {
        binded?: {
          failed?: long(name='Failed', description='失败数目', example='10'),
          skipped?: long(name='Skipped', description='跳过数目', example='10'),
          success?: long(name='Success', description='成功数目', example='10'),
          total?: long(name='Total', description='总共数目', example='10'),
        }(name='Binded', description='绑定结果统计'),
        created?: {
          failed?: long(name='Failed', description='失败数目', example='10'),
          skipped?: long(name='Skipped', description='跳过数目', example='10'),
          success?: long(name='Success', description='成功数目', example='10'),
          total?: long(name='Total', description='总共数目', example='10'),
        }(name='Created', description='创建结果统计'),
        deleted?: {
          failed?: long(name='Failed', description='失败数目', example='10'),
          skipped?: long(name='Skipped', description='跳过数目', example='10'),
          success?: long(name='Success', description='成功数目', example='10'),
          total?: long(name='Total', description='总共数目', example='10'),
        }(name='Deleted', description='删除结果统计'),
        pushed?: {
          failed?: long(name='Failed', description='失败数目', example='10'),
          skipped?: long(name='Skipped', description='跳过数目', example='10'),
          success?: long(name='Success', description='成功数目', example='10'),
          total?: long(name='Total', description='总共数目', example='10'),
        }(name='Pushed', description='推送结果统计'),
        same?: {
          failed?: long(name='Failed', description='失败数目', example='10'),
          skipped?: long(name='Skipped', description='跳过数目', example='10'),
          success?: long(name='Success', description='成功数目', example='10'),
          total?: long(name='Total', description='总共数目', example='10'),
        }(name='Same', description='相同结果统计'),
        updated?: {
          failed?: long(name='Failed', description='失败数目', example='10'),
          skipped?: long(name='Skipped', description='跳过数目', example='10'),
          success?: long(name='Success', description='成功数目', example='10'),
          total?: long(name='Total', description='总共数目', example='10'),
        }(name='Updated', description='更新结果统计'),
      }(name='UserStatistics', description='用户同步结果统计'),
    }(name='Result', description='同步任务结果'),
    startTime?: long(name='StartTime', description='同步开始时间', example='1649830226000'),
    status?: string(name='Status', description='同步任务状态', example='running'),
    synchronizationJobId?: string(name='SynchronizationJobId', description='同步任务ID', example='sync_0000347vjovtcf41li0fgsd98gn24q9nj9xxxxx'),
    targetId?: string(name='TargetId', description='同步目标ID', example='idp_my664lwkhpicbyzirog3nxxxxx'),
    targetType?: string(name='TargetType', description='同步目标类型', example='identity_provider'),
    triggerType?: string(name='TriggerType', description='同步触发类型', example='auto'),
  }(name='SynchronizationJob'),
}

model GetSynchronizationJobResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetSynchronizationJobResponseBody(name='body'),
}

/**
 * @summary 查询同步任务
 *
 * @param request GetSynchronizationJobRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetSynchronizationJobResponse
 */
async function getSynchronizationJobWithOptions(request: GetSynchronizationJobRequest, runtime: $RuntimeOptions): GetSynchronizationJobResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  if (!$isNull(request.synchronizationJobId)) {
    query['SynchronizationJobId'] = request.synchronizationJobId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'GetSynchronizationJob',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary 查询同步任务
 *
 * @param request GetSynchronizationJobRequest
 * @return GetSynchronizationJobResponse
 */
async function getSynchronizationJob(request: GetSynchronizationJobRequest): GetSynchronizationJobResponse {
  var runtime = new $RuntimeOptions{};
  return getSynchronizationJobWithOptions(request, runtime);
}

model GetUserRequest {
  instanceId?: string(name='InstanceId', description='The ID of the instance.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
  userId?: string(name='UserId', description='The ID of the account.

This parameter is required.', example='user_d6sbsuumeta4h66ec3il7yxxxx'),
}

model GetUserResponseBody = {
  requestId?: string(name='RequestId', description='The ID of the request.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
  user?: {
    accountExpireTime?: long(name='AccountExpireTime', description='The time when the account expires. This value is a UNIX timestamp. Unit: milliseconds.', example='1652085686179'),
    createTime?: long(name='CreateTime', description='The time when the account was created. This value is a UNIX timestamp. Unit: milliseconds.', example='1652085686179'),
    customFields?: [ 
      {
        fieldName?: string(name='FieldName', description='The identifier of the custom field.', example='age'),
        fieldValue?: string(name='FieldValue', description='The value of the custom field.', example='10'),
      }
    ](name='CustomFields', description='The list of custom fields that describe the account.'),
    description?: string(name='Description', description='The description of the account.', example='Test account'),
    displayName?: string(name='DisplayName', description='The display name of the account.', example='display_name001'),
    email?: string(name='Email', description='The email address of the user who owns the account.', example='user@example.com'),
    emailVerified?: boolean(name='EmailVerified', description='Indicates whether the email address has been verified. A value of true indicates that the email address has been verified by the user or has been set to the verified status by the administrator. A value of false indicates that the email address has not been verified.', example='true'),
    groups?: [ 
      {
        description?: string(name='Description', description='The description of the organizational unit.', example='this is a test.'),
        groupId?: string(name='GroupId', description='The ID of the organizational unit.', example='group_d6sbsuumeta4h66ec3il7yxxxx'),
        groupName?: string(name='GroupName', description='The name of the organizational unit.', example='group_test_name'),
      }
    ](name='Groups', description='The organizational units to which the account belongs.'),
    instanceId?: string(name='InstanceId', description='The ID of the instance', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
    lockExpireTime?: long(name='LockExpireTime', description='The time when the account lock expires. This value is a UNIX timestamp. Unit: milliseconds.', example='1652085686179'),
    organizationalUnits?: [ 
      {
        organizationalUnitId?: string(name='OrganizationalUnitId', description='The ID of the organizational unit.', example='ou_wovwffm62xifdziem7an7xxxxx'),
        organizationalUnitName?: string(name='OrganizationalUnitName', description='The name of the organizational unit.', example='test_ou_name'),
        primary?: boolean(name='Primary', description='Indicates whether the organization is the primary organization.', example='true'),
      }
    ](name='OrganizationalUnits', description='The organizational units to which the account belongs.'),
    passwordExpireTime?: long(name='PasswordExpireTime', description='The time when the password of the account expires. This value is a UNIX timestamp. Unit: milliseconds.

*   If the value -1 is returned, the password does not expire.
*   If no value is returned, the password does not expire.
*   If a UNIX timestamp is returned, the password expires at the indicated point of time.', example='1652085686179'),
    passwordSet?: boolean(name='PasswordSet', description='Indicates whether a password is set.', example='false'),
    phoneNumber?: string(name='PhoneNumber', description='The mobile number of the user who owns the account.', example='156xxxxxxx'),
    phoneNumberVerified?: boolean(name='PhoneNumberVerified', description='Indicates whether the mobile number has been verified. A value of true indicates that the mobile number has been verified by the user or has been set to the verified status by the administrator. A value of false indicates that the mobile number has not been verified.', example='true'),
    phoneRegion?: string(name='PhoneRegion', description='The country code of the mobile number. For example, the country code of China is 86 without 00 or +.', example='86'),
    preferredLanguage?: string(name='PreferredLanguage', description='Preferred language', example='en-US'),
    primaryOrganizationalUnitId?: string(name='PrimaryOrganizationalUnitId', description='The ID of the primary organizational unit to which the account belongs.', example='ou_wovwffm62xifdziem7an7xxxxx'),
    registerTime?: long(name='RegisterTime', description='The time when the account was registered. This value is a UNIX timestamp. Unit: milliseconds.', example='1652085686179'),
    status?: string(name='Status', description='The status of the account. Valid values:

*   enabled: The account is enabled.
*   disabled: The account is disabled.', example='enabled'),
    updateTime?: long(name='UpdateTime', description='The time when the account was last updated. The value is a UNIX timestamp. Unit: milliseconds.', example='1652085686179'),
    userExternalId?: string(name='UserExternalId', description='The external ID of the account. The external ID can be used by external data to map the data of the account in IDaaS EIAM. By default, the external ID is the account ID.

For accounts with the same source type and source ID, each account has a unique external ID.', example='user_d6sbsuumeta4h66ec3il7yxxxx'),
    userId?: string(name='UserId', description='The ID of the account.', example='user_d6sbsuumeta4h66ec3il7yxxxx'),
    userSourceId?: string(name='UserSourceId', description='The source ID of the account.

If the account was created in IDaaS, its source ID is the ID of the IDaaS instance. If the account was imported, its source ID is the enterprise ID in the source. For example, if the account was imported from DingTalk, its source ID is the corpId value of the enterprise in DingTalk.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
    userSourceType?: string(name='UserSourceType', description='The source type of the account. Valid values:

*   build_in: The account was created in IDaaS.
*   ding_talk: The account was imported from DingTalk.
*   ad: The account was imported from Microsoft Active Directory (AD).
*   ldap: The account was imported from a Lightweight Directory Access Protocol (LDAP) service.', example='build_in'),
    username?: string(name='Username', description='The username of the account.', example='name001'),
  }(name='User', description='The data object of the account.'),
}

model GetUserResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetUserResponseBody(name='body'),
}

/**
 * @summary Queries the details of an account in Identity as a Service (IDaaS) Employee IAM (EIAM).
 *
 * @param request GetUserRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetUserResponse
 */
async function getUserWithOptions(request: GetUserRequest, runtime: $RuntimeOptions): GetUserResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  if (!$isNull(request.userId)) {
    query['UserId'] = request.userId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'GetUser',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries the details of an account in Identity as a Service (IDaaS) Employee IAM (EIAM).
 *
 * @param request GetUserRequest
 * @return GetUserResponse
 */
async function getUser(request: GetUserRequest): GetUserResponse {
  var runtime = new $RuntimeOptions{};
  return getUserWithOptions(request, runtime);
}

model ListApplicationClientSecretsRequest {
  applicationId?: string(name='ApplicationId', description='The ID of the application that you want to query.

This parameter is required.', example='app_mkv7rgt4d7i4u7zqtzev2mxxxx'),
  instanceId?: string(name='InstanceId', description='The ID of the instance.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
}

model ListApplicationClientSecretsResponseBody = {
  applicationClientSecrets?: [ 
    {
      applicationId?: string(name='ApplicationId', description='The ID of the application that you want to query.', example='app_mkv7rgt4d7i4u7zqtzev2mxxxx'),
      clientId?: string(name='ClientId', description='The client ID of the application.', example='app_mkv7rgt4d7i4u7zqtzev2mxxxx'),
      clientSecret?: string(name='ClientSecret', description='The client key secret of the application. The value is not masked.', example='eyJh*****************************************************************************************************OQ'),
      instanceId?: string(name='InstanceId', description='The ID of the instance.', example='idaas_wdziy4vnjt33ehhf7z2o2nxxxx'),
      lastUsedTime?: long(name='LastUsedTime', description='The time when the client key was last used. The value is a UNIX timestamp. Unit: milliseconds.', example='1649830226000'),
      secretId?: string(name='SecretId', description='The client key ID of the application.', example='sci_k52x2ru63rlkflina5utgkxxxx'),
      status?: string(name='Status', description='The status of the client key. Valid values:

*   Enabled: The client key is enabled.
*   Disabled: The client key is disabled.', example='enabled'),
    }
  ](name='ApplicationClientSecrets', description='The information about the client keys.'),
  requestId?: string(name='RequestId', description='The ID of the request.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
  totalCount?: long(name='TotalCount', description='The total number of returned entries.', example='100'),
}

model ListApplicationClientSecretsResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListApplicationClientSecretsResponseBody(name='body'),
}

/**
 * @summary Queries all client keys of an Employee Identity and Access Management (EIAM) application. The returned key secret is not masked. If you want to query the key secret that is masked, call the ObtainApplicationClientSecret operation.
 *
 * @param request ListApplicationClientSecretsRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListApplicationClientSecretsResponse
 */
async function listApplicationClientSecretsWithOptions(request: ListApplicationClientSecretsRequest, runtime: $RuntimeOptions): ListApplicationClientSecretsResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.applicationId)) {
    query['ApplicationId'] = request.applicationId;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'ListApplicationClientSecrets',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries all client keys of an Employee Identity and Access Management (EIAM) application. The returned key secret is not masked. If you want to query the key secret that is masked, call the ObtainApplicationClientSecret operation.
 *
 * @param request ListApplicationClientSecretsRequest
 * @return ListApplicationClientSecretsResponse
 */
async function listApplicationClientSecrets(request: ListApplicationClientSecretsRequest): ListApplicationClientSecretsResponse {
  var runtime = new $RuntimeOptions{};
  return listApplicationClientSecretsWithOptions(request, runtime);
}

model ListApplicationsRequest {
  applicationIds?: [ string ](name='ApplicationIds', description='The IDs of the applications.', example='Ram Account SSO'),
  applicationName?: string(name='ApplicationName', description='The name of the application. Only fuzzy match from the leftmost character is supported.', example='Ram Account SSO'),
  authorizationType?: string(name='AuthorizationType', description='The authorization of the application. Valid values:

*   authorize_required: Only the user with explicit authorization can access the application.
*   default_all: By default, all users can access the application.', example='authorize_required'),
  instanceId?: string(name='InstanceId', description='The ID of the instance.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
  m2MClientStatus?: string(name='M2MClientStatus', example='enabled'),
  pageNumber?: long(name='PageNumber', description='The number of the page to return.', example='1'),
  pageSize?: long(name='PageSize', description='The number of entries to return on each page.', example='20'),
  resourceServerStatus?: string(name='ResourceServerStatus', example='enabled'),
  ssoType?: string(name='SsoType', example='oauth2/m2m'),
  status?: string(name='Status', description='The status of the application. Valid values:

*   Enabled: The application is enabled.
*   Disabled: The application is disabled.', example='enabled'),
}

model ListApplicationsResponseBody = {
  applications?: [ 
    {
      applicationId?: string(name='ApplicationId', description='The ID of the application.', example='app_mkv7rgt4d7i4u7zqtzev2mxxxx'),
      applicationName?: string(name='ApplicationName', description='The name of the application.', example='SAML Application'),
      applicationSourceType?: string(name='ApplicationSourceType', description='The origin of the application. Valid values:

*   urn:alibaba:idaas:app:source:template: The application is created based on a template.
*   urn:alibaba:idaas: The application is created based on the standard protocol.', example='urn:alibaba:idaas:app:source:standard'),
      applicationTemplateId?: string(name='ApplicationTemplateId', description='应用模板ID'),
      clientId?: string(name='ClientId', description='The client ID of the application.', example='app_mkv7rgt4d7i4u7zqtzev2mxxxx'),
      createTime?: long(name='CreateTime', description='The time when the application was created. The value is a UNIX timestamp. Unit: milliseconds.', example='1649830226000'),
      description?: string(name='Description', description='The description of the application.', example='A single application. The code is pkces.'),
      features?: string(name='Features', description='The features that are supported by the application. The value is a JSON array. Valid values:

*   sso: The application supports SSO.
*   provision: The application supports account synchronization.
*   api_invoke: The application supports custom APIs.', example='["sso", "provision"]'),
      instanceId?: string(name='InstanceId', description='The ID of the instance.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
      logoUrl?: string(name='LogoUrl', description='The URL of the application icon.', example='https://img.alicdn.com/imgextra/i4/O1CN01lvYwpv1aGowQXDML9_!!6000000003303-0-tps-580-580.jpg'),
      m2MClientStatus?: string(name='M2MClientStatus'),
      managedServiceCode?: string(name='ManagedServiceCode', description='The service code of the cloud service that manages the application template.', example='rpa'),
      resourceServerIdentifier?: string(name='ResourceServerIdentifier'),
      resourceServerStatus?: string(name='ResourceServerStatus'),
      serviceManaged?: boolean(name='ServiceManaged', description='Indicates whether the application template is managed by a cloud service.', example='true'),
      ssoType?: string(name='SsoType', description='The type of the single sign-on (SSO) protocol. Valid values:

*   saml2: the Security Assertion Markup Language (SAML) 2.0 protocol.
*   oidc: the OpenID Connect (OIDC) protocol.', example='saml2'),
      status?: string(name='Status', description='The status of the application. Valid values:

*   Enabled: The application is enabled.
*   Disabled: The application is disabled.', example='enabled'),
      updateTime?: long(name='UpdateTime', description='The time when the application was last updated. The value is a UNIX timestamp. Unit: milliseconds.', example='1649830226000'),
    }
  ](name='Applications', description='The details of the applications.'),
  requestId?: string(name='RequestId', description='The ID of the request.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
  totalCount?: long(name='TotalCount', description='The total number of the returned entries.', example='100'),
}

model ListApplicationsResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListApplicationsResponseBody(name='body'),
}

/**
 * @summary Queries the information about one or multiple Employee Identity and Access Management (EIAM) applications by page.
 *
 * @param request ListApplicationsRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListApplicationsResponse
 */
async function listApplicationsWithOptions(request: ListApplicationsRequest, runtime: $RuntimeOptions): ListApplicationsResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.applicationIds)) {
    query['ApplicationIds'] = request.applicationIds;
  }
  if (!$isNull(request.applicationName)) {
    query['ApplicationName'] = request.applicationName;
  }
  if (!$isNull(request.authorizationType)) {
    query['AuthorizationType'] = request.authorizationType;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  if (!$isNull(request.m2MClientStatus)) {
    query['M2MClientStatus'] = request.m2MClientStatus;
  }
  if (!$isNull(request.pageNumber)) {
    query['PageNumber'] = request.pageNumber;
  }
  if (!$isNull(request.pageSize)) {
    query['PageSize'] = request.pageSize;
  }
  if (!$isNull(request.resourceServerStatus)) {
    query['ResourceServerStatus'] = request.resourceServerStatus;
  }
  if (!$isNull(request.ssoType)) {
    query['SsoType'] = request.ssoType;
  }
  if (!$isNull(request.status)) {
    query['Status'] = request.status;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'ListApplications',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries the information about one or multiple Employee Identity and Access Management (EIAM) applications by page.
 *
 * @param request ListApplicationsRequest
 * @return ListApplicationsResponse
 */
async function listApplications(request: ListApplicationsRequest): ListApplicationsResponse {
  var runtime = new $RuntimeOptions{};
  return listApplicationsWithOptions(request, runtime);
}

model ListApplicationsForOrganizationalUnitRequest {
  applicationIds?: [ string ](name='ApplicationIds', description='The IDs of the applications that the EIAM organization can access. You can query a maximum of 100 application IDs at a time.', example='app_mkv7rgt4d7i4u7zqtzev2mxxxx'),
  instanceId?: string(name='InstanceId', description='The ID of the instance.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
  organizationalUnitId?: string(name='OrganizationalUnitId', description='The ID of the EIAM organization.

This parameter is required.', example='ou_wovwffm62xifdziem7an7xxxxx'),
  pageNumber?: long(name='PageNumber', description='The number of the page to return.', example='1'),
  pageSize?: long(name='PageSize', description='The number of entries to return on each page.', example='20'),
}

model ListApplicationsForOrganizationalUnitResponseBody = {
  applications?: [ 
    {
      applicationId?: string(name='ApplicationId', description='The ID of the application that the EIAM organization can access.', example='app_mkv7rgt4d7i4u7zqtzev2mxxxx'),
    }
  ](name='Applications', description='The applications that the EIAM organization can access.'),
  requestId?: string(name='RequestId', description='The ID of the request.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
  totalCount?: long(name='TotalCount', description='The total number of the returned entries.', example='100'),
}

model ListApplicationsForOrganizationalUnitResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListApplicationsForOrganizationalUnitResponseBody(name='body'),
}

/**
 * @summary Queries the applications that an Employee Identity and Access Management (EIAM) organization can access. The return result includes the IDs of the applications. If you want to obtain the details of the applications, call the GetApplication operation.
 *
 * @description You can only query the permissions that are directly granted to the EIAM organization by calling the ListApplicationsForOrganizationalUnit operation. You can filter applications by configuring the **ApplicationIds** parameter when you call this operation.
 *
 * @param request ListApplicationsForOrganizationalUnitRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListApplicationsForOrganizationalUnitResponse
 */
async function listApplicationsForOrganizationalUnitWithOptions(request: ListApplicationsForOrganizationalUnitRequest, runtime: $RuntimeOptions): ListApplicationsForOrganizationalUnitResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.applicationIds)) {
    query['ApplicationIds'] = request.applicationIds;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  if (!$isNull(request.organizationalUnitId)) {
    query['OrganizationalUnitId'] = request.organizationalUnitId;
  }
  if (!$isNull(request.pageNumber)) {
    query['PageNumber'] = request.pageNumber;
  }
  if (!$isNull(request.pageSize)) {
    query['PageSize'] = request.pageSize;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'ListApplicationsForOrganizationalUnit',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries the applications that an Employee Identity and Access Management (EIAM) organization can access. The return result includes the IDs of the applications. If you want to obtain the details of the applications, call the GetApplication operation.
 *
 * @description You can only query the permissions that are directly granted to the EIAM organization by calling the ListApplicationsForOrganizationalUnit operation. You can filter applications by configuring the **ApplicationIds** parameter when you call this operation.
 *
 * @param request ListApplicationsForOrganizationalUnitRequest
 * @return ListApplicationsForOrganizationalUnitResponse
 */
async function listApplicationsForOrganizationalUnit(request: ListApplicationsForOrganizationalUnitRequest): ListApplicationsForOrganizationalUnitResponse {
  var runtime = new $RuntimeOptions{};
  return listApplicationsForOrganizationalUnitWithOptions(request, runtime);
}

model ListApplicationsForUserRequest {
  applicationIds?: [ string ](name='ApplicationIds', description='The IDs of the applications that the EIAM account can access. You can query a maximum of 100 application IDs at a time.', example='app_mkv7rgt4d7i4u7zqtzev2mxxxx'),
  instanceId?: string(name='InstanceId', description='The ID of the instance.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
  pageNumber?: long(name='PageNumber', description='The number of the page to return.', example='1'),
  pageSize?: long(name='PageSize', description='The number of entries to return on each page.', example='20'),
  queryMode?: string(name='QueryMode', description='The query mode. Default value: **OnlyDirect**. Valid values:

*   OnlyDirect: Only the direct permissions are queried. Direct permissions are the permissions that are directly granted to the account.
*   IncludeInherit: Both the permissions that are directly granted to the account and the inherited permissions are queried. Inherited permissions are the permissions that an account inherits from the parent organization or the group to which the account belongs.', example='OnlyDirect'),
  userId?: string(name='UserId', description='The ID of the EIAM account.

This parameter is required.', example='user_d6sbsuumeta4h66ec3il7yxxxx'),
}

model ListApplicationsForUserResponseBody = {
  applications?: [ 
    {
      applicationId?: string(name='ApplicationId', description='The ID of the application that the EIAM account can access.', example='app_mkv7rgt4d7i4u7zqtzev2mxxxx'),
      hasDirectAuthorization?: boolean(name='HasDirectAuthorization', description='Indicates whether the EIAM account has direct permissions on the application. Valid values:

*   true: The EIAM account has direct permissions on the application.
*   false: The EIAM account does not have direct permissions on the application.', example='true'),
      hasInheritAuthorization?: boolean(name='HasInheritAuthorization', description='Indicates whether the EIAM account has inherited permissions on the application. Valid values:

*   true: A parent organization or an organization to which the EIAM account belongs has direct permissions on the application.
*   false: A parent organization or an organization to which the EIAM account belongs does not have direct permissions on the application.', example='false'),
    }
  ](name='Applications', description='The applications that the EIAM account can access.'),
  requestId?: string(name='RequestId', description='The ID of the request.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
  totalCount?: long(name='TotalCount', description='The total number of the returned entries.', example='100'),
}

model ListApplicationsForUserResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListApplicationsForUserResponseBody(name='body'),
}

/**
 * @summary Queries the applications that an Employee Identity and Access Management (EIAM) account can access. The return result includes the IDs of the applications. If you want to obtain the details of the applications, call the GetApplication operation.
 *
 * @param request ListApplicationsForUserRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListApplicationsForUserResponse
 */
async function listApplicationsForUserWithOptions(request: ListApplicationsForUserRequest, runtime: $RuntimeOptions): ListApplicationsForUserResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.applicationIds)) {
    query['ApplicationIds'] = request.applicationIds;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  if (!$isNull(request.pageNumber)) {
    query['PageNumber'] = request.pageNumber;
  }
  if (!$isNull(request.pageSize)) {
    query['PageSize'] = request.pageSize;
  }
  if (!$isNull(request.queryMode)) {
    query['QueryMode'] = request.queryMode;
  }
  if (!$isNull(request.userId)) {
    query['UserId'] = request.userId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'ListApplicationsForUser',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries the applications that an Employee Identity and Access Management (EIAM) account can access. The return result includes the IDs of the applications. If you want to obtain the details of the applications, call the GetApplication operation.
 *
 * @param request ListApplicationsForUserRequest
 * @return ListApplicationsForUserResponse
 */
async function listApplicationsForUser(request: ListApplicationsForUserRequest): ListApplicationsForUserResponse {
  var runtime = new $RuntimeOptions{};
  return listApplicationsForUserWithOptions(request, runtime);
}

model ListConditionalAccessPoliciesRequest {
  instanceId?: string(name='InstanceId', description='Instance ID.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
  maxResults?: long(name='MaxResults', description='Number of items per page in a paginated query.', example='20'),
  nextToken?: string(name='NextToken', description='Token for the next page query.', example='NTxxxxxexample'),
  previousToken?: string(name='PreviousToken', description='Token for the previous page query.', example='PTxxxxxexample'),
}

model ListConditionalAccessPoliciesResponseBody = {
  conditionalAccessPolicies?: [ 
    {
      conditionalAccessPolicyId?: string(name='ConditionalAccessPolicyId', description='Conditional access policy ID', example='cp_xxxxx'),
      conditionalAccessPolicyName?: string(name='ConditionalAccessPolicyName', description='Conditional access policy name', example='My Policy'),
      conditionalAccessPolicyType?: string(name='ConditionalAccessPolicyType', description='Type of the conditional access policy', example='arn:alibaba:idaas:authn:access:policy:system'),
      conditionsConfig?: {
        applications?: {
          excludeApplications?: [ string ](name='ExcludeApplications', description='Excluded applications'),
          includeApplications?: [ string ](name='IncludeApplications', description='Selected applications'),
        }(name='Applications', description='Target applications of the conditional access policy'),
        networkZones?: {
          excludeNetworkZones?: [ string ](name='ExcludeNetworkZones', description='Excluded network zones'),
          includeNetworkZones?: [ string ](name='IncludeNetworkZones', description='Included network ranges'),
        }(name='NetworkZones', description='Network zones for conditional access policies'),
        users?: {
          excludeGroups?: [ string ](name='ExcludeGroups', description='Excluded user groups'),
          excludeOrganizationalUnits?: [ string ](name='ExcludeOrganizationalUnits', description='Excluded organizations'),
          excludeUsers?: [ string ](name='ExcludeUsers', description='Excluded users'),
          includeGroups?: [ string ](name='IncludeGroups', description='Included user groups'),
          includeOrganizationalUnits?: [ string ](name='IncludeOrganizationalUnits', description='Included organizations'),
          includeUsers?: [ string ](name='IncludeUsers', description='Selected users'),
        }(name='Users', description='Target users of the conditional access policy'),
      }(name='ConditionsConfig', description='Content of the conditional access policy'),
      createTime?: long(name='CreateTime', description='Creation time', example='1741857554000'),
      decisionConfig?: {
        activeSessionReuseStatus?: string(name='ActiveSessionReuseStatus', description='Whether to enable session reuse for secondary authentication', example='disabled'),
        effect?: string(name='Effect', description='Decision action of the conditional access policy:
deny  Deny
allow Allow', example='deny'),
        mfaAuthenticationIntervalSeconds?: long(name='MfaAuthenticationIntervalSeconds', description='Re-authentication interval for the conditional access policy (in seconds) 300-86400', example='300'),
        mfaAuthenticationMethods?: [ string ](name='MfaAuthenticationMethods', description='MFA types allowed by the conditional access policy'),
        mfaType?: string(name='MfaType', description='Conditional Access Policy Mfa Type', example='directly_access'),
      }(name='DecisionConfig', description='Action of the conditional access policy'),
      decisionType?: string(name='DecisionType', description='Execution type of the conditional access policy', example='enforcement'),
      description?: string(name='Description', description='Description of the conditional access policy', example='My Policy Description'),
      evaluateAt?: string(name='EvaluateAt', description='Execution point of the conditional access policy', example='arn:alibaba:idaas:authn:access:rule:eval_at:after_step1'),
      instanceId?: string(name='InstanceId', description='Instance ID', example='idaas_ksvv5c7f2l6uzh6oqspeks23ni'),
      lastUpdatedTime?: long(name='LastUpdatedTime', description='Last updated time', example='1741857554000'),
      priority?: int32(name='Priority', description='Priority, 1-100', example='1'),
      status?: string(name='Status', description='Enable or disable status of the conditional access policy', example='disabled'),
    }
  ](name='ConditionalAccessPolicies', description='Collection of conditional access policies'),
  nextToken?: string(name='NextToken', description='The token value returned by this call for the next page query.', example='NTxxxexample'),
  previousToken?: string(name='PreviousToken', description='Previous page query token (Token)', example='PTxxxxxexample'),
  requestId?: string(name='RequestId', description='Request ID.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
  totalCount?: long(name='TotalCount', description='Total number of items in the list.', example='100'),
}

model ListConditionalAccessPoliciesResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListConditionalAccessPoliciesResponseBody(name='body'),
}

/**
 * @summary List of Conditional Access Policies
 *
 * @description Paginated query for the list of conditional access policies
 *
 * @param request ListConditionalAccessPoliciesRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListConditionalAccessPoliciesResponse
 */
async function listConditionalAccessPoliciesWithOptions(request: ListConditionalAccessPoliciesRequest, runtime: $RuntimeOptions): ListConditionalAccessPoliciesResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  if (!$isNull(request.maxResults)) {
    query['MaxResults'] = request.maxResults;
  }
  if (!$isNull(request.nextToken)) {
    query['NextToken'] = request.nextToken;
  }
  if (!$isNull(request.previousToken)) {
    query['PreviousToken'] = request.previousToken;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'ListConditionalAccessPolicies',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary List of Conditional Access Policies
 *
 * @description Paginated query for the list of conditional access policies
 *
 * @param request ListConditionalAccessPoliciesRequest
 * @return ListConditionalAccessPoliciesResponse
 */
async function listConditionalAccessPolicies(request: ListConditionalAccessPoliciesRequest): ListConditionalAccessPoliciesResponse {
  var runtime = new $RuntimeOptions{};
  return listConditionalAccessPoliciesWithOptions(request, runtime);
}

model ListConditionalAccessPoliciesForNetworkZoneRequest {
  instanceId?: string(name='InstanceId', description='Instance ID.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
  networkZoneId?: string(name='NetworkZoneId', description='Application ID associated with the conditional access policy

This parameter is required.', example='app_11111'),
}

model ListConditionalAccessPoliciesForNetworkZoneResponseBody = {
  conditionalAccessPolicies?: [ 
    {
      conditionalAccessPolicyId?: string(name='ConditionalAccessPolicyId', description='Conditional access policy ID', example='cp_xxxxx'),
      conditionalAccessPolicyName?: string(name='ConditionalAccessPolicyName', description='Conditional access policy name', example='My Policy'),
      conditionalAccessPolicyType?: string(name='ConditionalAccessPolicyType', description='Type of the conditional access policy', example='arn:alibaba:idaas:authn:access:policy:system'),
      conditionsConfig?: {
        applications?: {
          excludeApplications?: [ string ](name='ExcludeApplications', description='Excluded applications'),
          includeApplications?: [ string ](name='IncludeApplications', description='Selected applications'),
        }(name='Applications', description='Target applications of the conditional access policy'),
        networkZones?: {
          excludeNetworkZones?: [ string ](name='ExcludeNetworkZones', description='Excluded network zones'),
          includeNetworkZones?: [ string ](name='IncludeNetworkZones', description='Included network zones'),
        }(name='NetworkZones', description='Network zones for conditional access policies'),
        users?: {
          excludeGroups?: [ string ](name='ExcludeGroups', description='Excluded user groups'),
          excludeOrganizationalUnits?: [ string ](name='ExcludeOrganizationalUnits', description='Excluded organizations'),
          excludeUsers?: [ string ](name='ExcludeUsers', description='Excluded Users'),
          includeGroups?: [ string ](name='IncludeGroups', description='Selected user groups'),
          includeOrganizationalUnits?: [ string ](name='IncludeOrganizationalUnits', description='Selected organizations'),
          includeUsers?: [ string ](name='IncludeUsers', description='Selected users'),
        }(name='Users', description='Target users of the conditional access policy'),
      }(name='ConditionsConfig', description='Content of the conditional access policy'),
      createTime?: long(name='CreateTime', description='Creation Time', example='1741857554000'),
      decisionConfig?: {
        activeSessionReuseStatus?: string(name='ActiveSessionReuseStatus', description='Whether session reuse is enabled', example='enabled'),
        effect?: string(name='Effect', description='Decision action of the conditional access policy', example='allow'),
        mfaAuthenticationIntervalSeconds?: long(name='MfaAuthenticationIntervalSeconds', description='Re-authentication interval for conditional access policy (seconds)', example='300'),
        mfaAuthenticationMethods?: [ string ](name='MfaAuthenticationMethods', description='MFA types allowed by the conditional access policy'),
        mfaType?: string(name='MfaType', description='MFA type of the conditional access policy', example='directly_access'),
      }(name='DecisionConfig', description='Action of the conditional access policy'),
      decisionType?: string(name='DecisionType', description='Execution type of the conditional access policy', example='enforcement'),
      description?: string(name='Description', description='Description of the conditional access policy', example='terraform-example'),
      evaluateAt?: string(name='EvaluateAt', description='Execution point of the conditional access policy', example='arn:alibaba:idaas:authn:access:rule:eval_at:after_step1'),
      instanceId?: string(name='InstanceId', description='Instance ID', example='idaas_oynbcyaaejuik6b37eldz4pinu'),
      lastUpdatedTime?: long(name='LastUpdatedTime', description='Last Updated Time', example='1741857554000'),
      priority?: int32(name='Priority', description='Priority', example='10'),
      status?: string(name='Status', description='Enable or disable status of the conditional access policy', example='disabled'),
    }
  ](name='ConditionalAccessPolicies', description='Collection of conditional access policies'),
  requestId?: string(name='RequestId', description='Request ID.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model ListConditionalAccessPoliciesForNetworkZoneResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListConditionalAccessPoliciesForNetworkZoneResponseBody(name='body'),
}

/**
 * @summary List Conditional Access Policies Associated with Network Areas
 *
 * @description List Conditional Access Policies Associated with Network Zones
 *
 * @param request ListConditionalAccessPoliciesForNetworkZoneRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListConditionalAccessPoliciesForNetworkZoneResponse
 */
async function listConditionalAccessPoliciesForNetworkZoneWithOptions(request: ListConditionalAccessPoliciesForNetworkZoneRequest, runtime: $RuntimeOptions): ListConditionalAccessPoliciesForNetworkZoneResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  if (!$isNull(request.networkZoneId)) {
    query['NetworkZoneId'] = request.networkZoneId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'ListConditionalAccessPoliciesForNetworkZone',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary List Conditional Access Policies Associated with Network Areas
 *
 * @description List Conditional Access Policies Associated with Network Zones
 *
 * @param request ListConditionalAccessPoliciesForNetworkZoneRequest
 * @return ListConditionalAccessPoliciesForNetworkZoneResponse
 */
async function listConditionalAccessPoliciesForNetworkZone(request: ListConditionalAccessPoliciesForNetworkZoneRequest): ListConditionalAccessPoliciesForNetworkZoneResponse {
  var runtime = new $RuntimeOptions{};
  return listConditionalAccessPoliciesForNetworkZoneWithOptions(request, runtime);
}

model ListDomainProxyTokensRequest {
  domainId?: string(name='DomainId', description='域名ID。

This parameter is required.', example='dm_examplexxxxx'),
  instanceId?: string(name='InstanceId', description='IDaaS EIAM实例的ID。

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
}

model ListDomainProxyTokensResponseBody = {
  domainProxyTokens?: [ 
    {
      createTime?: long(name='CreateTime', description='域名代理Token创建时间，Unix时间戳格式，单位为毫秒。', example='1649830226000'),
      domainId?: string(name='DomainId', description='域名ID。', example='dm_examplexxxx'),
      domainProxyToken?: string(name='DomainProxyToken', description='域名代理Token。', example='PTxxxxxxxx'),
      domainProxyTokenId?: string(name='DomainProxyTokenId', description='域名代理Token ID。', example='pt_examplexxxx'),
      instanceId?: string(name='InstanceId', description='实例ID。', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
      lastUsedTime?: long(name='LastUsedTime', description='域名代理Token最近使用时间，Unix时间戳格式，单位为毫秒。', example='1649830226000'),
      status?: string(name='Status', description='token状态，枚举类型：(enabled）启用,（disabled）禁用。', example='enabled'),
      updateTime?: long(name='UpdateTime', description='域名代理Token最近更新时间，Unix时间戳格式，单位为毫秒。', example='1649830226000'),
    }
  ](name='DomainProxyTokens'),
  requestId?: string(name='RequestId', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model ListDomainProxyTokensResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListDomainProxyTokensResponseBody(name='body'),
}

/**
 * @summary 列表查询域名代理Token信息。
 *
 * @param request ListDomainProxyTokensRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListDomainProxyTokensResponse
 */
async function listDomainProxyTokensWithOptions(request: ListDomainProxyTokensRequest, runtime: $RuntimeOptions): ListDomainProxyTokensResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.domainId)) {
    query['DomainId'] = request.domainId;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'ListDomainProxyTokens',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary 列表查询域名代理Token信息。
 *
 * @param request ListDomainProxyTokensRequest
 * @return ListDomainProxyTokensResponse
 */
async function listDomainProxyTokens(request: ListDomainProxyTokensRequest): ListDomainProxyTokensResponse {
  var runtime = new $RuntimeOptions{};
  return listDomainProxyTokensWithOptions(request, runtime);
}

model ListDomainsRequest {
  instanceId?: string(name='InstanceId', description='IDaaS EIAM实例的ID。

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
}

model ListDomainsResponseBody = {
  domains?: [ 
    {
      createTime?: long(name='CreateTime', description='域名创建时间，Unix时间戳格式，单位为毫秒。', example='1649830226000'),
      defaultDomain?: boolean(name='DefaultDomain', description='是否默认域名。true表示实例默认域名，false表示非默认域名', example='false'),
      domain?: string(name='Domain', description='域名。', example='www.example.com'),
      domainId?: string(name='DomainId', description='域名ID。', example='dm_examplexxxxx'),
      domainType?: string(name='DomainType', description='域名类型。枚举取值:system_init(系统初始化)、user_custom(用户自定义)。', example='system_init'),
      filing?: {
        icpNumber?: string(name='IcpNumber', description='域名关联的备案号, 长度最大限制64。'),
      }(name='Filing', description='域名备案信息。'),
      instanceId?: string(name='InstanceId', description='实例ID。', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
      lockMode?: string(name='LockMode', description='域名锁定状态。枚举取值:unlock(正常)、lockByLicense(因License限制不可用)。', example='unlock'),
      updateTime?: long(name='UpdateTime', description='域名最近更新时间，Unix时间戳格式，单位为毫秒。', example='1649830226000'),
    }
  ](name='Domains'),
  requestId?: string(name='RequestId', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model ListDomainsResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListDomainsResponseBody(name='body'),
}

/**
 * @summary 列表查询域名记录。
 *
 * @param request ListDomainsRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListDomainsResponse
 */
async function listDomainsWithOptions(request: ListDomainsRequest, runtime: $RuntimeOptions): ListDomainsResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'ListDomains',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary 列表查询域名记录。
 *
 * @param request ListDomainsRequest
 * @return ListDomainsResponse
 */
async function listDomains(request: ListDomainsRequest): ListDomainsResponse {
  var runtime = new $RuntimeOptions{};
  return listDomainsWithOptions(request, runtime);
}

model ListEiamInstancesRequest {
  instanceIds?: [ string ](name='InstanceIds', description='实例ID列表，支持0到100个'),
  instanceRegionId?: string(name='InstanceRegionId', description='实例所属Region', example='cn-hangzhou'),
}

model ListEiamInstancesResponseBody = {
  instances?: [ 
    {
      description?: string(name='Description', description='实例描述信息'),
      developerAPIPrivateDomain?: string(name='DeveloperAPIPrivateDomain', description='实例developer私网域名地址', example='eiam-developerapi-cn.vpc-proxy.aliyuncs.com'),
      developerAPIPublicDomain?: string(name='DeveloperAPIPublicDomain', description='实例developer公网域名地址', example='eiam-developerapi.cn-hangzhou.aliyuncs.com'),
      instanceId?: string(name='InstanceId', description='实例id', example='idaas_eypq6ljgyeuwmlw672sulxxxxx'),
      instanceStatus?: string(name='InstanceStatus', description='实例状态，Pending(初始状态)、Creating(创建中)、Running(运行中)、Disabled(禁用)、CreateFailed(创建失败)', example='RUNNING'),
      instanceVersion?: string(name='InstanceVersion', description='实例版本，EIAM2.0/ EIAM1.0', example='EIAM 2.0'),
      openAPIPrivateDomain?: string(name='OpenAPIPrivateDomain', description='实例openApi私网域名地址', example='eiam-cn.vpc-proxy.aliyuncs.com'),
      openAPIPublicDomain?: string(name='OpenAPIPublicDomain', description='实例openApi公网域名地址', example='eiam.cn-hangzhou.aliyuncs.com'),
      SSODomain?: string(name='SSODomain', description='实例域名地址', example='xxxx.aliyunidaas.com'),
      startTime?: long(name='StartTime', description='实例的创建时间', example='1677810869300'),
    }
  ](name='Instances'),
  requestId?: string(name='RequestId', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model ListEiamInstancesResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListEiamInstancesResponseBody(name='body'),
}

/**
 * @summary 查询EIAM2.0/EIAM1.0实例列表
 *
 * @param request ListEiamInstancesRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListEiamInstancesResponse
 */
async function listEiamInstancesWithOptions(request: ListEiamInstancesRequest, runtime: $RuntimeOptions): ListEiamInstancesResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.instanceIds)) {
    query['InstanceIds'] = request.instanceIds;
  }
  if (!$isNull(request.instanceRegionId)) {
    query['InstanceRegionId'] = request.instanceRegionId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'ListEiamInstances',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary 查询EIAM2.0/EIAM1.0实例列表
 *
 * @param request ListEiamInstancesRequest
 * @return ListEiamInstancesResponse
 */
async function listEiamInstances(request: ListEiamInstancesRequest): ListEiamInstancesResponse {
  var runtime = new $RuntimeOptions{};
  return listEiamInstancesWithOptions(request, runtime);
}

model ListEiamRegionsResponseBody = {
  regions?: [ 
    {
      localName?: string(name='LocalName', description='地域名称', example='华东1（杭州）'),
      regionId?: string(name='RegionId', description='地域ID', example='cn-hangzhou'),
    }
  ](name='Regions'),
  requestId?: string(name='RequestId', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model ListEiamRegionsResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListEiamRegionsResponseBody(name='body'),
}

/**
 * @summary 查询EIAM2.0/EIAM1.0地域列表
 *
 * @param request ListEiamRegionsRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListEiamRegionsResponse
 */
async function listEiamRegionsWithOptions(runtime: $RuntimeOptions): ListEiamRegionsResponse {
  var req = new OpenApiUtil.OpenApiRequest{};
  var params = new OpenApiUtil.Params{
    action = 'ListEiamRegions',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary 查询EIAM2.0/EIAM1.0地域列表
 *
 * @return ListEiamRegionsResponse
 */
async function listEiamRegions(): ListEiamRegionsResponse {
  var runtime = new $RuntimeOptions{};
  return listEiamRegionsWithOptions(runtime);
}

model ListGroupsRequest {
  groupExternalId?: string(name='GroupExternalId', description='The external ID of the group.', example='group_external_id'),
  groupIds?: [ string ](name='GroupIds', description='The group IDs.'),
  groupName?: string(name='GroupName', description='The name of the group. If you specify this parameter, the query is based on an exact match.', example='name_test'),
  groupNameStartsWith?: string(name='GroupNameStartsWith', description='The prefix of the group name. If you specify this parameter, the query follows the leftmost matching principle.', example='name'),
  instanceId?: string(name='InstanceId', description='The instance ID.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
  pageNumber?: long(name='PageNumber', description='The number of the page to return.', example='1'),
  pageSize?: long(name='PageSize', description='The number of entries to return on each page.', example='20'),
}

model ListGroupsResponseBody = {
  groups?: [ 
    {
      createTime?: long(name='CreateTime', description='The time at which the group was created. This value is a UNIX timestamp representing the number of milliseconds that have elapsed since January 1, 1970, 00:00:00 UTC.', example='1652085686179'),
      description?: string(name='Description', description='The description of the group.', example='test group'),
      groupExternalId?: string(name='GroupExternalId', description='The external ID of the group, which can be used to associate the group with an external system. By default, the external ID is the group ID.', example='group_d6sbsuumeta4h66ec3il7yxxxx'),
      groupId?: string(name='GroupId', description='The group ID.', example='group_d6sbsuumeta4h66ec3il7yxxxx'),
      groupName?: string(name='GroupName', description='The name of the group.', example='group_name'),
      groupSourceId?: string(name='GroupSourceId', description='The source ID of the group. If the group was imported from other services, this value indicates the external source ID. By default, the source ID is the instance ID.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
      groupSourceType?: string(name='GroupSourceType', description='The source type of the group. Only build_in may be returned, which indicates that the group was created in IDaaS.', example='build_in'),
      instanceId?: string(name='InstanceId', description='The instance ID.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
      updateTime?: long(name='UpdateTime', description='The time at which the group was last updated. This value is a UNIX timestamp representing the number of milliseconds that have elapsed since January 1, 1970, 00:00:00 UTC.', example='1652085686179'),
    }
  ](name='Groups', description='The queried account groups.'),
  requestId?: string(name='RequestId', description='The request ID.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
  totalCount?: long(name='TotalCount', description='The total number of entries returned. The maximum number of entries returned at a time depends on the value of PageSize.', example='100'),
}

model ListGroupsResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListGroupsResponseBody(name='body'),
}

/**
 * @summary Queries a list of account groups in Identity as a Service (IDaaS) Employee Identity and Access Management (EIAM).
 *
 * @param request ListGroupsRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListGroupsResponse
 */
async function listGroupsWithOptions(request: ListGroupsRequest, runtime: $RuntimeOptions): ListGroupsResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.groupExternalId)) {
    query['GroupExternalId'] = request.groupExternalId;
  }
  if (!$isNull(request.groupIds)) {
    query['GroupIds'] = request.groupIds;
  }
  if (!$isNull(request.groupName)) {
    query['GroupName'] = request.groupName;
  }
  if (!$isNull(request.groupNameStartsWith)) {
    query['GroupNameStartsWith'] = request.groupNameStartsWith;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  if (!$isNull(request.pageNumber)) {
    query['PageNumber'] = request.pageNumber;
  }
  if (!$isNull(request.pageSize)) {
    query['PageSize'] = request.pageSize;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'ListGroups',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries a list of account groups in Identity as a Service (IDaaS) Employee Identity and Access Management (EIAM).
 *
 * @param request ListGroupsRequest
 * @return ListGroupsResponse
 */
async function listGroups(request: ListGroupsRequest): ListGroupsResponse {
  var runtime = new $RuntimeOptions{};
  return listGroupsWithOptions(request, runtime);
}

model ListGroupsForApplicationRequest {
  applicationId?: string(name='ApplicationId', description='The application ID.

This parameter is required.', example='app_mkv7rgt4d7i4u7zqtzev2mxxxx'),
  groupIds?: [ string ](name='GroupIds', description='The group IDs. You can specify up to 100 group IDs at a time.', example='group_miu8e4t4d7i4u7uwezgr54xxxx'),
  instanceId?: string(name='InstanceId', description='The instance ID.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
  pageNumber?: long(name='PageNumber', description='The page number.', example='1'),
  pageSize?: long(name='PageSize', description='The number of entries per page.', example='20'),
}

model ListGroupsForApplicationResponseBody = {
  groups?: [ 
    {
      groupId?: string(name='GroupId', description='The group ID.', example='group_miu8e4t4d7i4u7uwezgr54xxxx'),
    }
  ](name='Groups', description='The group IDs.'),
  requestId?: string(name='RequestId', description='The request ID.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
  totalCount?: long(name='TotalCount', description='The total number of entries returned.', example='100'),
}

model ListGroupsForApplicationResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListGroupsForApplicationResponseBody(name='body'),
}

/**
 * @summary Queries a list of account groups to which the permissions to access an application are granted. The returned results contain the group IDs. You can call the GetGroup operation to query the information about an account group based on the group ID.
 *
 * @param request ListGroupsForApplicationRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListGroupsForApplicationResponse
 */
async function listGroupsForApplicationWithOptions(request: ListGroupsForApplicationRequest, runtime: $RuntimeOptions): ListGroupsForApplicationResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.applicationId)) {
    query['ApplicationId'] = request.applicationId;
  }
  if (!$isNull(request.groupIds)) {
    query['GroupIds'] = request.groupIds;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  if (!$isNull(request.pageNumber)) {
    query['PageNumber'] = request.pageNumber;
  }
  if (!$isNull(request.pageSize)) {
    query['PageSize'] = request.pageSize;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'ListGroupsForApplication',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries a list of account groups to which the permissions to access an application are granted. The returned results contain the group IDs. You can call the GetGroup operation to query the information about an account group based on the group ID.
 *
 * @param request ListGroupsForApplicationRequest
 * @return ListGroupsForApplicationResponse
 */
async function listGroupsForApplication(request: ListGroupsForApplicationRequest): ListGroupsForApplicationResponse {
  var runtime = new $RuntimeOptions{};
  return listGroupsForApplicationWithOptions(request, runtime);
}

model ListGroupsForUserRequest {
  instanceId?: string(name='InstanceId', description='The instance ID.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
  pageNumber?: long(name='PageNumber', description='The number of the page to return.', example='1'),
  pageSize?: long(name='PageSize', description='The number of entries to return on each page.', example='20'),
  userId?: string(name='UserId', description='The account ID.

This parameter is required.', example='user_d6sbsuumeta4h66ec3il7yxxxx'),
}

model ListGroupsForUserResponseBody = {
  groups?: [ 
    {
      groupId?: string(name='GroupId', description='The group ID.', example='group_d6sbsuumeta4h66ec3il7yxxxx'),
      groupMemberRelationSourceId?: string(name='GroupMemberRelationSourceId', description='Account membership source ID', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
      groupMemberRelationSourceType?: string(name='GroupMemberRelationSourceType', description='Account membership source type', example='build_in'),
    }
  ](name='Groups', description='The queried account groups.'),
  requestId?: string(name='RequestId', description='The request ID.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
  totalCount?: long(name='TotalCount', description='The total number of entries returned. The maximum number of entries returned at a time depends on the value of PageSize.', example='1000'),
}

model ListGroupsForUserResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListGroupsForUserResponseBody(name='body'),
}

/**
 * @summary Queries a list of account groups to which an Employee Identity and Access Management (EIAM) account of Identity as a Service (IDaaS) belongs.
 *
 * @param request ListGroupsForUserRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListGroupsForUserResponse
 */
async function listGroupsForUserWithOptions(request: ListGroupsForUserRequest, runtime: $RuntimeOptions): ListGroupsForUserResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  if (!$isNull(request.pageNumber)) {
    query['PageNumber'] = request.pageNumber;
  }
  if (!$isNull(request.pageSize)) {
    query['PageSize'] = request.pageSize;
  }
  if (!$isNull(request.userId)) {
    query['UserId'] = request.userId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'ListGroupsForUser',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries a list of account groups to which an Employee Identity and Access Management (EIAM) account of Identity as a Service (IDaaS) belongs.
 *
 * @param request ListGroupsForUserRequest
 * @return ListGroupsForUserResponse
 */
async function listGroupsForUser(request: ListGroupsForUserRequest): ListGroupsForUserResponse {
  var runtime = new $RuntimeOptions{};
  return listGroupsForUserWithOptions(request, runtime);
}

model ListIdentityProvidersRequest {
  instanceId?: string(name='InstanceId', description='IDaaS EIAM实例的ID。

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
  pageNumber?: long(name='PageNumber', description='当前查询的列表页码，默认为1。', example='1'),
  pageSize?: long(name='PageSize', description='当前查询的列表页码，默认为20。', example='20'),
}

model ListIdentityProvidersResponseBody = {
  identityProviders?: [ 
    {
      advancedStatus?: string(name='AdvancedStatus', description='高阶配置能力', example='disabled'),
      authnSourceSupplier?: string(name='AuthnSourceSupplier', description='IDaaS EIAM 对应的认证来源产品，okta or google or azure ad', example='urn:alibaba:idaas:idp:bytedance:lark'),
      authnSourceType?: string(name='AuthnSourceType', description='IDaaS EIAM 认证方式类型 oidc or saml', example='urn:alibaba:idaas:authntype:oidc'),
      authnStatus?: string(name='AuthnStatus', description='IDaaS EIAM 对应IdP是否支持认证', example='disabled'),
      createTime?: long(name='CreateTime', example='1712561597000'),
      description?: string(name='Description', description='IDaaS EIAM 身份提供方描述'),
      identityProviderExternalId?: string(name='IdentityProviderExternalId', description='IDaaS EIAM 身份提供方外部ID', example='test_123'),
      identityProviderId?: string(name='IdentityProviderId', description='IDaaS EIAM 身份提供方ID', example='idp_m5b5wd5s2hpq4t6iaehhXXX'),
      identityProviderName?: string(name='IdentityProviderName', description='IDaaS EIAM 身份提供方名称'),
      identityProviderType?: string(name='IdentityProviderType', description='身份提供方同步类型', example='urn:alibaba:idaas:idp:bytedance:lark:pull'),
      incrementalCallbackStatus?: string(name='IncrementalCallbackStatus', description='增量回调状态，是否处理来自IdP的增量回调数据', example='enabled'),
      instanceId?: string(name='InstanceId', description='IDaaS EIAM 实例Id', example='idaas_pbf4dth34l2qb7mydpntXXX'),
      lastStatusCheckJobResult?: string(name='LastStatusCheckJobResult', example='success'),
      lockReason?: string(name='LockReason', description='锁定原因', example='financial'),
      logoUrl?: string(name='LogoUrl', example='https://cdn-cn-hangzhou.aliyunidaas.com/xx/logos/xx'),
      periodicSyncStatus?: string(name='PeriodicSyncStatus', example='disabled'),
      udPullStatus?: string(name='UdPullStatus', description='IDaaS EIAM 是否支持UD同步', example='disabled'),
      udPullTargetScope?: string(name='UdPullTargetScope', description='当支持ud_pullIDaaS侧UD中的范围', example='ou_2buqmxsa3ltyqkjgpwfijurXXX'),
      udPushStatus?: string(name='UdPushStatus', description='同步出能力', example='disabled'),
      updateTime?: long(name='UpdateTime', example='1712561597000'),
    }
  ](name='IdentityProviders'),
  requestId?: string(name='RequestId', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
  totalCount?: long(name='TotalCount', example='100'),
}

model ListIdentityProvidersResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListIdentityProvidersResponseBody(name='body'),
}

/**
 * @summary 查询身份提供方
 *
 * @param request ListIdentityProvidersRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListIdentityProvidersResponse
 */
async function listIdentityProvidersWithOptions(request: ListIdentityProvidersRequest, runtime: $RuntimeOptions): ListIdentityProvidersResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  if (!$isNull(request.pageNumber)) {
    query['PageNumber'] = request.pageNumber;
  }
  if (!$isNull(request.pageSize)) {
    query['PageSize'] = request.pageSize;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'ListIdentityProviders',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary 查询身份提供方
 *
 * @param request ListIdentityProvidersRequest
 * @return ListIdentityProvidersResponse
 */
async function listIdentityProviders(request: ListIdentityProvidersRequest): ListIdentityProvidersResponse {
  var runtime = new $RuntimeOptions{};
  return listIdentityProvidersWithOptions(request, runtime);
}

model ListInstancesRequest {
  instanceIds?: [ string ](name='InstanceIds', description='The list of instance IDs.'),
  pageNumber?: long(name='PageNumber', description='The number of the page to return.', example='1'),
  pageSize?: long(name='PageSize', description='The number of entries to return on each page.', example='20'),
  status?: string(name='Status', description='The status of the instance. Valid values:

*   creating
*   running', example='running'),
}

model ListInstancesResponseBody = {
  instances?: [ 
    {
      createTime?: long(name='CreateTime', description='The time when the instance was created. This value is a UNIX timestamp representing the number of milliseconds that have elapsed since January 1, 1970, 00:00:00 UTC.', example='1550115455000'),
      defaultEndpoint?: {
        endpoint?: string(name='Endpoint', description='The endpoint of the instance.', example='example-xxx.aliyunidaas.com'),
        status?: string(name='Status', description='The status of the endpoint. Valid values:

*   resolved
*   unresolved', example='resolved'),
      }(name='DefaultEndpoint', description='The default endpoint of the instance.'),
      description?: string(name='Description', description='The description of the instance.'),
      instanceId?: string(name='InstanceId', description='The instance ID.', example='idaas_eypq6ljgyeuwmlw672sulxxxxx'),
      status?: string(name='Status', description='The status of the instance. Valid values:

*   creating
*   running', example='running'),
    }
  ](name='Instances', description='The information of instances.'),
  requestId?: string(name='RequestId', description='The request ID.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
  totalCount?: long(name='TotalCount', description='The total number of entries returned.', example='100'),
}

model ListInstancesResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListInstancesResponseBody(name='body'),
}

/**
 * @summary Queries the information of one or more Enterprise Identity and Access Management (EIAM) instances of Identity as a Service (IDaaS).
 *
 * @param request ListInstancesRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListInstancesResponse
 */
async function listInstancesWithOptions(request: ListInstancesRequest, runtime: $RuntimeOptions): ListInstancesResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.instanceIds)) {
    query['InstanceIds'] = request.instanceIds;
  }
  if (!$isNull(request.pageNumber)) {
    query['PageNumber'] = request.pageNumber;
  }
  if (!$isNull(request.pageSize)) {
    query['PageSize'] = request.pageSize;
  }
  if (!$isNull(request.status)) {
    query['Status'] = request.status;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'ListInstances',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries the information of one or more Enterprise Identity and Access Management (EIAM) instances of Identity as a Service (IDaaS).
 *
 * @param request ListInstancesRequest
 * @return ListInstancesResponse
 */
async function listInstances(request: ListInstancesRequest): ListInstancesResponse {
  var runtime = new $RuntimeOptions{};
  return listInstancesWithOptions(request, runtime);
}

model ListNetworkAccessEndpointAvailableRegionsResponseBody = {
  regions?: [ 
    {
      localName?: string(name='LocalName', description='地域名称。', example='华东1（杭州）'),
      regionId?: string(name='RegionId', description='地域ID。', example='cn-hangzhou'),
    }
  ](name='Regions'),
  requestId?: string(name='RequestId', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model ListNetworkAccessEndpointAvailableRegionsResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListNetworkAccessEndpointAvailableRegionsResponseBody(name='body'),
}

/**
 * @summary 获取支持专属端点的region列表
 *
 * @param request ListNetworkAccessEndpointAvailableRegionsRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListNetworkAccessEndpointAvailableRegionsResponse
 */
async function listNetworkAccessEndpointAvailableRegionsWithOptions(runtime: $RuntimeOptions): ListNetworkAccessEndpointAvailableRegionsResponse {
  var req = new OpenApiUtil.OpenApiRequest{};
  var params = new OpenApiUtil.Params{
    action = 'ListNetworkAccessEndpointAvailableRegions',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary 获取支持专属端点的region列表
 *
 * @return ListNetworkAccessEndpointAvailableRegionsResponse
 */
async function listNetworkAccessEndpointAvailableRegions(): ListNetworkAccessEndpointAvailableRegionsResponse {
  var runtime = new $RuntimeOptions{};
  return listNetworkAccessEndpointAvailableRegionsWithOptions(runtime);
}

model ListNetworkAccessEndpointAvailableZonesRequest {
  naeRegionId?: string(name='NaeRegionId', description='专属网络端点支持的地域

This parameter is required.', example='cn-hangzhou'),
}

model ListNetworkAccessEndpointAvailableZonesResponseBody = {
  requestId?: string(name='RequestId', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
  zones?: [ 
    {
      localName?: string(name='LocalName', description='可用区名称。', example='华东1（杭州）可用区J'),
      zoneId?: string(name='ZoneId', description='可用区ID。', example='cn-hangzhou-j'),
    }
  ](name='Zones'),
}

model ListNetworkAccessEndpointAvailableZonesResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListNetworkAccessEndpointAvailableZonesResponseBody(name='body'),
}

/**
 * @summary 获取支持NAE的可用区列表
 *
 * @param request ListNetworkAccessEndpointAvailableZonesRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListNetworkAccessEndpointAvailableZonesResponse
 */
async function listNetworkAccessEndpointAvailableZonesWithOptions(request: ListNetworkAccessEndpointAvailableZonesRequest, runtime: $RuntimeOptions): ListNetworkAccessEndpointAvailableZonesResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.naeRegionId)) {
    query['NaeRegionId'] = request.naeRegionId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'ListNetworkAccessEndpointAvailableZones',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary 获取支持NAE的可用区列表
 *
 * @param request ListNetworkAccessEndpointAvailableZonesRequest
 * @return ListNetworkAccessEndpointAvailableZonesResponse
 */
async function listNetworkAccessEndpointAvailableZones(request: ListNetworkAccessEndpointAvailableZonesRequest): ListNetworkAccessEndpointAvailableZonesResponse {
  var runtime = new $RuntimeOptions{};
  return listNetworkAccessEndpointAvailableZonesWithOptions(request, runtime);
}

model ListNetworkAccessEndpointsRequest {
  instanceId?: string(name='InstanceId', description='IDaaS EIAM实例的ID。

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
  maxResults?: long(name='MaxResults', description='分页查询时每页行数。默认值为20，最大值为100。', example='20'),
  networkAccessEndpointStatus?: string(name='NetworkAccessEndpointStatus', description='专属网络端点连接的状态。NetworkAccessEndpointType取值为shared时不生效。', example='running'),
  networkAccessEndpointType?: string(name='NetworkAccessEndpointType', description='专属网络端点连接的类型。取值可选范围：1. private - 专属网络端点；2. shared - 共享网络端点', example='private'),
  nextToken?: string(name='NextToken', description='查询凭证（Token），取值为上一次API调用返回的NextToken参数值。', example='NTxxxxxexample'),
  vpcId?: string(name='VpcId', description='专属网络端点连接的Vpc ID。NetworkAccessEndpointType取值为shared时不生效。', example='vpc-examplexxx'),
  vpcRegionId?: string(name='VpcRegionId', description='专属网络端点连接的Vpc所属地域，该地域取值必须在ListNetworkAccessEndpointAvailableRegions接口中返回。NetworkAccessEndpointType取值为shared时不生效。', example='cn-hangzhou'),
}

model ListNetworkAccessEndpointsResponseBody = {
  networkAccessEndpoints?: [ 
    {
      createTime?: long(name='CreateTime', description='专属网络端点创建时间，Unix时间戳格式，单位为毫秒。', example='1649830226000'),
      instanceId?: string(name='InstanceId', description='实例ID。', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
      networkAccessEndpointId?: string(name='NetworkAccessEndpointId', description='专属网络端点ID。', example='nae_examplexxx'),
      networkAccessEndpointName?: string(name='NetworkAccessEndpointName', description='专属网络端点名称。', example='xx业务VPC访问端点'),
      networkAccessEndpointType?: string(name='NetworkAccessEndpointType', description='专属网络端点连接的类型。', example='private'),
      securityGroupId?: string(name='SecurityGroupId', description='专属网络端点使用的安全组ID。', example='sg-examplexxx'),
      status?: string(name='Status', description='专属网络端点状态。', example='running'),
      updateTime?: long(name='UpdateTime', description='专属网络端点最近更新时间，Unix时间戳格式，单位为毫秒。', example='1649830226000'),
      vSwitchIds?: [ string ](name='VSwitchIds', description='专属网络端点连接的指定vSwitch列表。', example='vsw-examplexxx'),
      vpcId?: string(name='VpcId', description='专属网络端点连接的VpcID。', example='vpc-examplexxx'),
      vpcRegionId?: string(name='VpcRegionId', description='专属网络端点连接的Vpc所属地域。', example='cn-hangzhou'),
    }
  ](name='NetworkAccessEndpoints'),
  nextToken?: string(name='NextToken', description='本次调用返回的查询凭证（Token）值，用于下一次翻页查询。', example='NTxxxexample'),
  requestId?: string(name='RequestId', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
  totalCount?: long(name='TotalCount', example='100'),
}

model ListNetworkAccessEndpointsResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListNetworkAccessEndpointsResponseBody(name='body'),
}

/**
 * @summary 列表查询专属网络端点。
 *
 * @param request ListNetworkAccessEndpointsRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListNetworkAccessEndpointsResponse
 */
async function listNetworkAccessEndpointsWithOptions(request: ListNetworkAccessEndpointsRequest, runtime: $RuntimeOptions): ListNetworkAccessEndpointsResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  if (!$isNull(request.maxResults)) {
    query['MaxResults'] = request.maxResults;
  }
  if (!$isNull(request.networkAccessEndpointStatus)) {
    query['NetworkAccessEndpointStatus'] = request.networkAccessEndpointStatus;
  }
  if (!$isNull(request.networkAccessEndpointType)) {
    query['NetworkAccessEndpointType'] = request.networkAccessEndpointType;
  }
  if (!$isNull(request.nextToken)) {
    query['NextToken'] = request.nextToken;
  }
  if (!$isNull(request.vpcId)) {
    query['VpcId'] = request.vpcId;
  }
  if (!$isNull(request.vpcRegionId)) {
    query['VpcRegionId'] = request.vpcRegionId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'ListNetworkAccessEndpoints',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary 列表查询专属网络端点。
 *
 * @param request ListNetworkAccessEndpointsRequest
 * @return ListNetworkAccessEndpointsResponse
 */
async function listNetworkAccessEndpoints(request: ListNetworkAccessEndpointsRequest): ListNetworkAccessEndpointsResponse {
  var runtime = new $RuntimeOptions{};
  return listNetworkAccessEndpointsWithOptions(request, runtime);
}

model ListNetworkAccessPathsRequest {
  instanceId?: string(name='InstanceId', description='IDaaS EIAM实例的ID。

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
  networkAccessEndpointId?: string(name='NetworkAccessEndpointId', description='专属网络端点ID。

This parameter is required.', example='nae_examplexxxx'),
}

model ListNetworkAccessPathsResponseBody = {
  networkAccessPaths?: [ 
    {
      createTime?: long(name='CreateTime', description='专属网络端点访问路径创建时间，Unix时间戳格式，单位为毫秒。', example='1649830226000'),
      instanceId?: string(name='InstanceId', description='实例ID。', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
      networkAccessEndpointId?: string(name='NetworkAccessEndpointId', description='专属网络端点ID。', example='nae_examplexxx'),
      networkAccessPathId?: string(name='NetworkAccessPathId', description='专属网络端点访问路径ID。', example='nap_examplexxx'),
      networkInterfaceId?: string(name='NetworkInterfaceId', description='专属网络端点访问路径使用的ENI ID。', example='eni-examplexxx'),
      privateIpAddress?: string(name='PrivateIpAddress', description='专属网络端点访问路径使用的ENI私网地址。', example='cn-hangzhou'),
      status?: string(name='Status', description='专属网络端点访问路径状态。', example='running'),
      updateTime?: long(name='UpdateTime', description='专属网络端点访问路径最近更新时间，Unix时间戳格式，单位为毫秒。', example='1649830226000'),
      vSwitchId?: string(name='VSwitchId', description='专属网络端点访问路径的ENI归属的交换机ID。', example='vsw-examplexxx'),
    }
  ](name='NetworkAccessPaths'),
  requestId?: string(name='RequestId', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model ListNetworkAccessPathsResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListNetworkAccessPathsResponseBody(name='body'),
}

/**
 * @summary 列表查询某个网络访问端点下的访问路径。
 *
 * @param request ListNetworkAccessPathsRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListNetworkAccessPathsResponse
 */
async function listNetworkAccessPathsWithOptions(request: ListNetworkAccessPathsRequest, runtime: $RuntimeOptions): ListNetworkAccessPathsResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  if (!$isNull(request.networkAccessEndpointId)) {
    query['NetworkAccessEndpointId'] = request.networkAccessEndpointId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'ListNetworkAccessPaths',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary 列表查询某个网络访问端点下的访问路径。
 *
 * @param request ListNetworkAccessPathsRequest
 * @return ListNetworkAccessPathsResponse
 */
async function listNetworkAccessPaths(request: ListNetworkAccessPathsRequest): ListNetworkAccessPathsResponse {
  var runtime = new $RuntimeOptions{};
  return listNetworkAccessPathsWithOptions(request, runtime);
}

model ListOrganizationalUnitParentsRequest {
  instanceId?: string(name='InstanceId', description='IDaaS EIAM实例的ID。

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
  organizationalUnitId?: string(name='OrganizationalUnitId', description='组织ID。

This parameter is required.', example='ou_wovwffm62xifdziem7an7xxxxx'),
}

model ListOrganizationalUnitParentsResponseBody = {
  parents?: [ 
    {
      organizationalUnitId?: string(name='OrganizationalUnitId', description='组织ID', example='ou_4lag76zc2km5ssg5vsmm2lznvu'),
      parentId?: string(name='ParentId', description='父组织ID', example='ou_x3beoyepv2ls5iwuge3xhjkwbm'),
    }
  ](name='Parents'),
  requestId?: string(name='RequestId', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model ListOrganizationalUnitParentsResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListOrganizationalUnitParentsResponseBody(name='body'),
}

/**
 * @summary 查询组织的所有父级路径
 *
 * @param request ListOrganizationalUnitParentsRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListOrganizationalUnitParentsResponse
 */
async function listOrganizationalUnitParentsWithOptions(request: ListOrganizationalUnitParentsRequest, runtime: $RuntimeOptions): ListOrganizationalUnitParentsResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  if (!$isNull(request.organizationalUnitId)) {
    query['OrganizationalUnitId'] = request.organizationalUnitId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'ListOrganizationalUnitParents',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary 查询组织的所有父级路径
 *
 * @param request ListOrganizationalUnitParentsRequest
 * @return ListOrganizationalUnitParentsResponse
 */
async function listOrganizationalUnitParents(request: ListOrganizationalUnitParentsRequest): ListOrganizationalUnitParentsResponse {
  var runtime = new $RuntimeOptions{};
  return listOrganizationalUnitParentsWithOptions(request, runtime);
}

model ListOrganizationalUnitsRequest {
  instanceId?: string(name='InstanceId', description='The ID of the instance.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
  organizationalUnitIds?: [ string ](name='OrganizationalUnitIds', description='The IDs of organizational units.', example='[ou_wovwffm62xifdziem7an7xxxxx]'),
  organizationalUnitName?: string(name='OrganizationalUnitName', description='The name of the organizational unit.', example='name_001'),
  organizationalUnitNameStartsWith?: string(name='OrganizationalUnitNameStartsWith', description='Organization name, matching left', example='name'),
  pageNumber?: long(name='PageNumber', description='The number of the page to return. Default value: 1.', example='1'),
  pageSize?: long(name='PageSize', description='The number of entries to return on each page. Default value: 20.', example='20'),
  parentId?: string(name='ParentId', description='The ID of the parent organizational unit.', example='ou_wovwffm62xifdziem7an7xxxxx'),
}

model ListOrganizationalUnitsResponseBody = {
  organizationalUnits?: [ 
    {
      createTime?: long(name='CreateTime', description='The time when the organizational unit was created. This value is a UNIX timestamp. Unit: milliseconds.', example='1652085686179'),
      description?: string(name='Description', description='The description of the organizational unit.', example='Test organizational unit'),
      instanceId?: string(name='InstanceId', description='The ID of the instance.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
      leaf?: boolean(name='Leaf', description='Indicates whether the node is a leaf node.', example='false'),
      organizationalUnitExternalId?: string(name='OrganizationalUnitExternalId', description='The external ID of the organizational unit. The external ID can be used by external data to map the data of the organizational unit in IDaaS EIAM. By default, the external ID is the organizational unit ID.

For organizational units with the same source type and source ID, each organizational unit has a unique external ID.', example='ou_wovwffm62xifdziem7an7xxxxx'),
      organizationalUnitId?: string(name='OrganizationalUnitId', description='The ID of the organizational unit.', example='ou_wovwffm62xifdziem7an7xxxxx'),
      organizationalUnitName?: string(name='OrganizationalUnitName', description='组织名称。', example='test_organizationalUnit_name'),
      organizationalUnitSourceId?: string(name='OrganizationalUnitSourceId', description='The source ID of the organizational unit.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
      organizationalUnitSourceType?: string(name='OrganizationalUnitSourceType', description='The source type of the organizational unit. Valid values:

*   build_in: The organizational unit was created in IDaaS.
*   ding_talk: The organizational unit was imported from DingTalk.
*   ad: The organizational unit was imported from Microsoft Active Directory (AD).
*   ldap: The organizational unit was imported from a Lightweight Directory Access Protocol (LDAP) service.', example='build_in'),
      parentId?: string(name='ParentId', description='The ID of the parent organizational unit.', example='ou_wovwffm62xifdziem7an7xxxxx'),
      updateTime?: long(name='UpdateTime', description='The time when the organizational unit was last updated. The value is a UNIX timestamp. Unit: milliseconds.', example='1652085686179'),
    }
  ](name='OrganizationalUnits', description='The list of data objects of organizational units.'),
  requestId?: string(name='RequestId', description='The ID of the request.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
  totalCount?: long(name='TotalCount', description='The number of entries in the list.', example='100'),
}

model ListOrganizationalUnitsResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListOrganizationalUnitsResponseBody(name='body'),
}

/**
 * @summary Queries the information about organizational units in Identity as a Service (IDaaS) Employee IAM (EIAM) by page.
 *
 * @param request ListOrganizationalUnitsRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListOrganizationalUnitsResponse
 */
async function listOrganizationalUnitsWithOptions(request: ListOrganizationalUnitsRequest, runtime: $RuntimeOptions): ListOrganizationalUnitsResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  if (!$isNull(request.organizationalUnitIds)) {
    query['OrganizationalUnitIds'] = request.organizationalUnitIds;
  }
  if (!$isNull(request.organizationalUnitName)) {
    query['OrganizationalUnitName'] = request.organizationalUnitName;
  }
  if (!$isNull(request.organizationalUnitNameStartsWith)) {
    query['OrganizationalUnitNameStartsWith'] = request.organizationalUnitNameStartsWith;
  }
  if (!$isNull(request.pageNumber)) {
    query['PageNumber'] = request.pageNumber;
  }
  if (!$isNull(request.pageSize)) {
    query['PageSize'] = request.pageSize;
  }
  if (!$isNull(request.parentId)) {
    query['ParentId'] = request.parentId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'ListOrganizationalUnits',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries the information about organizational units in Identity as a Service (IDaaS) Employee IAM (EIAM) by page.
 *
 * @param request ListOrganizationalUnitsRequest
 * @return ListOrganizationalUnitsResponse
 */
async function listOrganizationalUnits(request: ListOrganizationalUnitsRequest): ListOrganizationalUnitsResponse {
  var runtime = new $RuntimeOptions{};
  return listOrganizationalUnitsWithOptions(request, runtime);
}

model ListOrganizationalUnitsForApplicationRequest {
  applicationId?: string(name='ApplicationId', description='The ID of the application that you want to query.

This parameter is required.', example='app_mkv7rgt4d7i4u7zqtzev2mxxxx'),
  instanceId?: string(name='InstanceId', description='The ID of the instance.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
  organizationalUnitIds?: [ string ](name='OrganizationalUnitIds', description='The IDs of the organizations that are allowed to access the application. You can query a maximum of 100 organization IDs at a time.', example='ou_wovwffm62xifdziem7an7xxxxx'),
  pageNumber?: long(name='PageNumber', description='The number of the page to return.', example='1'),
  pageSize?: long(name='PageSize', description='The number of entries to return on each page.', example='20'),
}

model ListOrganizationalUnitsForApplicationResponseBody = {
  organizationalUnits?: [ 
    {
      organizationalUnitId?: string(name='OrganizationalUnitId', description='The ID of the organization that is allowed to access the application.', example='ou_wovwffm62xifdziem7an7xxxxx'),
    }
  ](name='OrganizationalUnits', description='The IDs of the organizations that are allowed to access the application.'),
  requestId?: string(name='RequestId', description='The ID of the request.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
  totalCount?: long(name='TotalCount', description='The total number of the returned entries.', example='100'),
}

model ListOrganizationalUnitsForApplicationResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListOrganizationalUnitsForApplicationResponseBody(name='body'),
}

/**
 * @summary Queries the organizations that are allowed to access an Employee Identity and Access Management (EIAM) application by page. The return result includes the IDs of the organizations. If you want to obtain the details of the organizations, call the GetOrganizationalUnit operation.
 *
 * @param request ListOrganizationalUnitsForApplicationRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListOrganizationalUnitsForApplicationResponse
 */
async function listOrganizationalUnitsForApplicationWithOptions(request: ListOrganizationalUnitsForApplicationRequest, runtime: $RuntimeOptions): ListOrganizationalUnitsForApplicationResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.applicationId)) {
    query['ApplicationId'] = request.applicationId;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  if (!$isNull(request.organizationalUnitIds)) {
    query['OrganizationalUnitIds'] = request.organizationalUnitIds;
  }
  if (!$isNull(request.pageNumber)) {
    query['PageNumber'] = request.pageNumber;
  }
  if (!$isNull(request.pageSize)) {
    query['PageSize'] = request.pageSize;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'ListOrganizationalUnitsForApplication',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries the organizations that are allowed to access an Employee Identity and Access Management (EIAM) application by page. The return result includes the IDs of the organizations. If you want to obtain the details of the organizations, call the GetOrganizationalUnit operation.
 *
 * @param request ListOrganizationalUnitsForApplicationRequest
 * @return ListOrganizationalUnitsForApplicationResponse
 */
async function listOrganizationalUnitsForApplication(request: ListOrganizationalUnitsForApplicationRequest): ListOrganizationalUnitsForApplicationResponse {
  var runtime = new $RuntimeOptions{};
  return listOrganizationalUnitsForApplicationWithOptions(request, runtime);
}

model ListRegionsResponseBody = {
  regions?: [ 
    {
      localName?: string(name='LocalName', description='The name of the region.', example='China (Hangzhou)'),
      regionEndpoint?: string(name='RegionEndpoint', description='The endpoint of the region.', example='eiam.cn-hangzhou.aliyuncs.com'),
      regionId?: string(name='RegionId', description='The ID of the region.', example='cn-hangzhou'),
    }
  ](name='Regions', description='The supported regions.'),
  requestId?: string(name='RequestId', description='The ID of the request.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model ListRegionsResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListRegionsResponseBody(name='body'),
}

/**
 * @summary Queries the supported Alibaba Cloud regions.
 *
 * @param request ListRegionsRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListRegionsResponse
 */
async function listRegionsWithOptions(runtime: $RuntimeOptions): ListRegionsResponse {
  var req = new OpenApiUtil.OpenApiRequest{};
  var params = new OpenApiUtil.Params{
    action = 'ListRegions',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries the supported Alibaba Cloud regions.
 *
 * @return ListRegionsResponse
 */
async function listRegions(): ListRegionsResponse {
  var runtime = new $RuntimeOptions{};
  return listRegionsWithOptions(runtime);
}

model ListSynchronizationJobsRequest {
  direction?: string(name='Direction', description='同步方向[ingress,egress]', example='ingress'),
  endTime?: long(name='EndTime', description='同步结束时间', example='1649830226000'),
  filters?: [ 
    {
      key?: string(name='Key'),
      values?: [ string ](name='Values'),
    }
  ](name='Filters'),
  instanceId?: string(name='InstanceId', description='IDaaS EIAM实例的ID。

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
  maxResults?: long(name='MaxResults', description='分页查询时每页行数。默认值为20，最大值为100。', example='20'),
  nextToken?: string(name='NextToken', description='查询凭证（Token），取值为上一次API调用返回的NextToken参数值。', example='NTxxxxxexample'),
  pageNumber?: long(name='PageNumber', description='当前查询的列表页码，默认为1。', example='1'),
  pageSize?: long(name='PageSize', description='当前查询的列表页码，默认为20。', example='10'),
  startTime?: long(name='StartTime', description='同步开始时间', example='1649830226000'),
  status?: string(name='Status', description='同步状态[pending,running,suspending,failed,partial_success,success]', example='running'),
  targetIds?: [ string ](name='TargetIds', description='同步目标ID', example='target_001'),
  targetType?: string(name='TargetType', description='同步目标类型[identity_provider,organizational_unit,application,user]', example='identity_provider'),
}

model ListSynchronizationJobsResponseBody = {
  nextToken?: string(name='NextToken', description='本次调用返回的查询凭证（Token）值，用于下一次翻页查询。', example='NTxxxexample'),
  requestId?: string(name='RequestId', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
  synchronizationJobs?: [ 
    {
      description?: string(name='Description', example='描述'),
      direction?: string(name='Direction', description='同步任务方向', example='ingress'),
      endTime?: long(name='EndTime', description='同步结束时间', example='1649830226000'),
      result?: {
        errorCode?: string(name='ErrorCode', description='同步结果错误码', example='ErrorCodeNotFound'),
        errorMessage?: string(name='ErrorMessage', description='同步结果错误信息描述'),
        groupMemberStatistics?: {
          binded?: {
            failed?: long(name='Failed', description='失败数目', example='1'),
            skipped?: long(name='Skipped', description='跳过数目', example='1'),
            success?: long(name='Success', description='成功数目', example='1'),
            total?: long(name='Total', description='总共数目', example='3'),
          }(name='Binded', description='绑定结果统计'),
          created?: {
            failed?: long(name='Failed', description='失败数目', example='1'),
            skipped?: long(name='Skipped', description='跳过数目', example='1'),
            success?: long(name='Success', description='成功数目', example='1'),
            total?: long(name='Total', description='总共数目', example='3'),
          }(name='Created', description='创建结果统计'),
          deleted?: {
            failed?: long(name='Failed', description='失败数目', example='1'),
            skipped?: long(name='Skipped', description='跳过数目', example='1'),
            success?: long(name='Success', description='成功数目', example='1'),
            total?: long(name='Total', description='总共数目', example='3'),
          }(name='Deleted', description='删除结果统计'),
          pushed?: {
            failed?: long(name='Failed', description='失败数目', example='1'),
            skipped?: long(name='Skipped', description='跳过数目', example='1'),
            success?: long(name='Success', description='成功数目', example='1'),
            total?: long(name='Total', description='总共数目', example='3'),
          }(name='Pushed', description='推送结果统计'),
          same?: {
            failed?: long(name='Failed', description='失败数目', example='1'),
            skipped?: long(name='Skipped', description='跳过数目', example='1'),
            success?: long(name='Success', description='成功数目', example='1'),
            total?: long(name='Total', description='总共数目', example='3'),
          }(name='Same', description='相同结果统计'),
          updated?: {
            failed?: long(name='Failed', description='失败数目', example='1'),
            skipped?: long(name='Skipped', description='跳过数目', example='1'),
            success?: long(name='Success', description='成功数目', example='1'),
            total?: long(name='Total', description='总共数目', example='3'),
          }(name='Updated', description='更新结果统计'),
        }(name='GroupMemberStatistics', description='组成员同步结果统计'),
        groupStatistics?: {
          binded?: {
            failed?: long(name='Failed', description='失败数目', example='1'),
            skipped?: long(name='Skipped', description='跳过数目', example='1'),
            success?: long(name='Success', description='成功数目', example='1'),
            total?: long(name='Total', description='总共数目', example='3'),
          }(name='Binded', description='绑定结果统计'),
          created?: {
            failed?: long(name='Failed', description='失败数目', example='1'),
            skipped?: long(name='Skipped', description='跳过数目', example='1'),
            success?: long(name='Success', description='成功数目', example='1'),
            total?: long(name='Total', description='总共数目', example='3'),
          }(name='Created', description='创建结果统计'),
          deleted?: {
            failed?: long(name='Failed', description='失败数目', example='1'),
            skipped?: long(name='Skipped', description='跳过数目', example='1'),
            success?: long(name='Success', description='成功数目', example='1'),
            total?: long(name='Total', description='总共数目', example='3'),
          }(name='Deleted', description='删除结果统计'),
          pushed?: {
            failed?: long(name='Failed', description='失败数目', example='1'),
            skipped?: long(name='Skipped', description='跳过数目', example='1'),
            success?: long(name='Success', description='成功数目', example='1'),
            total?: long(name='Total', description='总共数目', example='3'),
          }(name='Pushed', description='推送结果统计'),
          same?: {
            failed?: long(name='Failed', description='失败数目', example='1'),
            skipped?: long(name='Skipped', description='跳过数目', example='1'),
            success?: long(name='Success', description='成功数目', example='1'),
            total?: long(name='Total', description='总共数目', example='3'),
          }(name='Same', description='相同结果统计'),
          updated?: {
            failed?: long(name='Failed', description='失败数目', example='1'),
            skipped?: long(name='Skipped', description='跳过数目', example='1'),
            success?: long(name='Success', description='成功数目', example='1'),
            total?: long(name='Total', description='总共数目', example='3'),
          }(name='Updated', description='更新结果统计'),
        }(name='GroupStatistics', description='组同步结果统计'),
        organizationalUnitStatistics?: {
          binded?: {
            failed?: long(name='Failed', description='失败数目', example='1'),
            skipped?: long(name='Skipped', description='跳过数目', example='1'),
            success?: long(name='Success', description='成功数目', example='1'),
            total?: long(name='Total', description='总共数目', example='3'),
          }(name='Binded', description='绑定结果统计'),
          created?: {
            failed?: long(name='Failed', description='失败数目', example='1'),
            skipped?: long(name='Skipped', description='跳过数目', example='1'),
            success?: long(name='Success', description='成功数目', example='1'),
            total?: long(name='Total', description='总共数目', example='3'),
          }(name='Created', description='创建结果统计'),
          deleted?: {
            failed?: long(name='Failed', description='失败数目', example='1'),
            skipped?: long(name='Skipped', description='跳过数目', example='1'),
            success?: long(name='Success', description='成功数目', example='1'),
            total?: long(name='Total', description='总共数目', example='3'),
          }(name='Deleted', description='删除结果统计'),
          pushed?: {
            failed?: long(name='Failed', description='失败数目', example='1'),
            skipped?: long(name='Skipped', description='跳过数目', example='1'),
            success?: long(name='Success', description='成功数目', example='1'),
            total?: long(name='Total', description='总共数目', example='3'),
          }(name='Pushed', description='推送结果统计'),
          same?: {
            failed?: long(name='Failed', description='失败数目', example='1'),
            skipped?: long(name='Skipped', description='跳过数目', example='1'),
            success?: long(name='Success', description='成功数目', example='1'),
            total?: long(name='Total', description='总共数目', example='3'),
          }(name='Same', description='相同结果统计'),
          updated?: {
            failed?: long(name='Failed', description='失败数目', example='1'),
            skipped?: long(name='Skipped', description='跳过数目', example='1'),
            success?: long(name='Success', description='成功数目', example='1'),
            total?: long(name='Total', description='总共数目', example='3'),
          }(name='Updated', description='更新结果统计'),
        }(name='OrganizationalUnitStatistics', description='组织同步结果统计'),
        userStatistics?: {
          binded?: {
            failed?: long(name='Failed', description='失败数目', example='1'),
            skipped?: long(name='Skipped', description='跳过数目', example='1'),
            success?: long(name='Success', description='成功数目', example='1'),
            total?: long(name='Total', description='总共数目', example='3'),
          }(name='Binded', description='绑定结果统计'),
          created?: {
            failed?: long(name='Failed', description='失败数目', example='1'),
            skipped?: long(name='Skipped', description='跳过数目', example='1'),
            success?: long(name='Success', description='成功数目', example='1'),
            total?: long(name='Total', description='总共数目', example='3'),
          }(name='Created', description='创建结果统计'),
          deleted?: {
            failed?: long(name='Failed', description='失败数目', example='1'),
            skipped?: long(name='Skipped', description='跳过数目', example='1'),
            success?: long(name='Success', description='成功数目', example='1'),
            total?: long(name='Total', description='总共数目', example='3'),
          }(name='Deleted', description='删除结果统计'),
          exported?: {
            failed?: long(name='Failed'),
            skipped?: long(name='Skipped'),
            success?: long(name='Success'),
            total?: long(name='Total'),
          }(name='Exported'),
          pushed?: {
            failed?: long(name='Failed', description='失败数目', example='1'),
            skipped?: long(name='Skipped', description='跳过数目', example='1'),
            success?: long(name='Success', description='成功数目', example='1'),
            total?: long(name='Total', description='总共数目', example='3'),
          }(name='Pushed', description='推送结果统计'),
          same?: {
            failed?: long(name='Failed', description='失败数目', example='1'),
            skipped?: long(name='Skipped', description='跳过数目', example='1'),
            success?: long(name='Success', description='成功数目', example='1'),
            total?: long(name='Total', description='总共数目', example='3'),
          }(name='Same', description='相同结果统计'),
          updated?: {
            failed?: long(name='Failed', description='失败数目', example='1'),
            skipped?: long(name='Skipped', description='跳过数目', example='1'),
            success?: long(name='Success', description='成功数目', example='1'),
            total?: long(name='Total', description='总共数目', example='3'),
          }(name='Updated', description='更新结果统计'),
        }(name='UserStatistics', description='用户同步结果统计'),
      }(name='Result', description='同步任务结果'),
      startTime?: long(name='StartTime', description='同步开始时间', example='1649830226000'),
      status?: string(name='Status', description='同步任务状态', example='success'),
      synchronizationJobId?: string(name='SynchronizationJobId', description='同步任务ID', example='sync_0000347vjovtcf41li0fgsd98gn24q9njxxxxx'),
      targetId?: string(name='TargetId', description='同步目标ID', example='idp_my664lwkhpicbyzirog3xxxxx'),
      targetType?: string(name='TargetType', description='同步目标类型', example='identity_provider'),
      triggerType?: string(name='TriggerType', description='同步触发类型', example='auto'),
    }
  ](name='SynchronizationJobs'),
  totalCount?: long(name='TotalCount', example='100'),
}

model ListSynchronizationJobsResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListSynchronizationJobsResponseBody(name='body'),
}

/**
 * @summary 查询同步任务
 *
 * @param request ListSynchronizationJobsRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListSynchronizationJobsResponse
 */
async function listSynchronizationJobsWithOptions(request: ListSynchronizationJobsRequest, runtime: $RuntimeOptions): ListSynchronizationJobsResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.direction)) {
    query['Direction'] = request.direction;
  }
  if (!$isNull(request.endTime)) {
    query['EndTime'] = request.endTime;
  }
  if (!$isNull(request.filters)) {
    query['Filters'] = request.filters;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  if (!$isNull(request.maxResults)) {
    query['MaxResults'] = request.maxResults;
  }
  if (!$isNull(request.nextToken)) {
    query['NextToken'] = request.nextToken;
  }
  if (!$isNull(request.pageNumber)) {
    query['PageNumber'] = request.pageNumber;
  }
  if (!$isNull(request.pageSize)) {
    query['PageSize'] = request.pageSize;
  }
  if (!$isNull(request.startTime)) {
    query['StartTime'] = request.startTime;
  }
  if (!$isNull(request.status)) {
    query['Status'] = request.status;
  }
  if (!$isNull(request.targetIds)) {
    query['TargetIds'] = request.targetIds;
  }
  if (!$isNull(request.targetType)) {
    query['TargetType'] = request.targetType;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'ListSynchronizationJobs',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary 查询同步任务
 *
 * @param request ListSynchronizationJobsRequest
 * @return ListSynchronizationJobsResponse
 */
async function listSynchronizationJobs(request: ListSynchronizationJobsRequest): ListSynchronizationJobsResponse {
  var runtime = new $RuntimeOptions{};
  return listSynchronizationJobsWithOptions(request, runtime);
}

model ListUsersRequest {
  displayNameStartsWith?: string(name='DisplayNameStartsWith', description='Displayname', example='name_001'),
  email?: string(name='Email', description='The email address of the user who owns the account.', example='user@example.com'),
  instanceId?: string(name='InstanceId', description='The ID of the instance.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
  organizationalUnitId?: string(name='OrganizationalUnitId', description='The ID of the organizational unit.', example='ou_wovwffm62xifdziem7an7xxxxx'),
  pageNumber?: long(name='PageNumber', description='The number of the page to return. Default value: 1.', example='1'),
  pageSize?: long(name='PageSize', description='The number of entries to return on each page. Default value: 20.', example='20'),
  phoneNumber?: string(name='PhoneNumber', description='The mobile number of the user who owns the account.', example='156xxxxxxx'),
  phoneRegion?: string(name='PhoneRegion', description='The country code of the mobile number. For example, the country code of China is 86 without 00 or +.', example='86'),
  status?: string(name='Status', description='The status of the account. Valid values:

*   enabled: The account is enabled.
*   disabled: The account is disabled.', example='enable'),
  userExternalId?: string(name='UserExternalId', description='The external ID of the account. The external ID can be used by external data to map the data of the account in IDaaS EIAM.

For accounts with the same source type and source ID, each account has a unique external ID.', example='id_wovwffm62xifdziem7an7xxxxx'),
  userIds?: [ string ](name='UserIds', description='User ID set'),
  userSourceId?: string(name='UserSourceId', description='The source ID of the account.

If the account was created in IDaaS, its source ID is the ID of the IDaaS instance. If the account was imported, its source ID is the enterprise ID in the source. For example, if the account was imported from DingTalk, its source ID is the corpId value of the enterprise in DingTalk.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
  userSourceType?: string(name='UserSourceType', description='The source type of the account. Valid values:

*   build_in: The account was created in IDaaS.
*   ding_talk: The account was imported from DingTalk.
*   ad: The account was imported from Microsoft Active Directory (AD).
*   ldap: The account was imported from a Lightweight Directory Access Protocol (LDAP) service.', example='build_in'),
  usernameStartsWith?: string(name='UsernameStartsWith', description='Username', example='name_001'),
}

model ListUsersResponseBody = {
  requestId?: string(name='RequestId', description='The ID of the request.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
  totalCount?: long(name='TotalCount', description='The number of entries in the list.', example='100'),
  users?: [ 
    {
      accountExpireTime?: long(name='AccountExpireTime', description='The time when the account expires. This value is a UNIX timestamp. Unit: milliseconds.', example='1652085686179'),
      createTime?: long(name='CreateTime', description='The time when the account was created. This value is a UNIX timestamp. Unit: milliseconds.', example='1652085686179'),
      description?: string(name='Description', description='The description of the account.', example='Test account'),
      displayName?: string(name='DisplayName', description='The display name of the account.', example='display_name001'),
      email?: string(name='Email', description='The email address of the user who owns the account.', example='user@example.com'),
      emailVerified?: boolean(name='EmailVerified', description='Indicates whether the email address has been verified. A value of true indicates that the email address has been verified by the user or has been set to the verified status by the administrator. A value of false indicates that the email address has not been verified.', example='true'),
      instanceId?: string(name='InstanceId', description='The ID of the instance', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
      lockExpireTime?: long(name='LockExpireTime', description='The time when the account lock expires. This value is a UNIX timestamp. Unit: milliseconds.', example='1652085686179'),
      passwordExpireTime?: long(name='PasswordExpireTime', description='Time When Password Expires', example='1652085686179'),
      passwordSet?: boolean(name='PasswordSet', description='Indicates whether a password is set.', example='false'),
      phoneNumber?: string(name='PhoneNumber', description='The mobile number of the user who owns the account.', example='156xxxxxxx'),
      phoneNumberVerified?: boolean(name='PhoneNumberVerified', description='Indicates whether the mobile number has been verified. A value of true indicates that the mobile number has been verified by the user or has been set to the verified status by the administrator. A value of false indicates that the mobile number has not been verified.', example='true'),
      phoneRegion?: string(name='PhoneRegion', description='The country code of the mobile number. For example, the country code of China is 86 without 00 or +.', example='86'),
      registerTime?: long(name='RegisterTime', description='The time when the account was registered. This value is a UNIX timestamp. Unit: milliseconds.', example='1652085686179'),
      status?: string(name='Status', description='The status of the account. Valid values:

*   enabled: The account is enabled.
*   disabled: The account is disabled.', example='enabled'),
      updateTime?: long(name='UpdateTime', description='The time when the account was last updated. The value is a UNIX timestamp. Unit: milliseconds.', example='1652085686179'),
      userExternalId?: string(name='UserExternalId', description='The external ID of the account. The external ID can be used by external data to map the data of the account in IDaaS EIAM. By default, the external ID is the account ID.

For accounts with the same source type and source ID, each account has a unique external ID.', example='user_d6sbsuumeta4h66ec3il7yxxxx'),
      userId?: string(name='UserId', description='The ID of the account.', example='user_d6sbsuumeta4h66ec3il7yxxxx'),
      userSourceId?: string(name='UserSourceId', description='The source ID of the account.

If the account was created in IDaaS, its source ID is the ID of the IDaaS instance. If the account was imported, its source ID is the enterprise ID in the source. For example, if the account was imported from DingTalk, its source ID is the corpId value of the enterprise in DingTalk.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
      userSourceType?: string(name='UserSourceType', description='The source type of the account. Valid values:

*   build_in: The account was created in IDaaS.
*   ding_talk: The account was imported from DingTalk.
*   ad: The account was imported from Microsoft Active Directory (AD).
*   ldap: The account was imported from a Lightweight Directory Access Protocol (LDAP) service.', example='build_in'),
      username?: string(name='Username', description='The username of the account.', example='name001'),
    }
  ](name='Users', description='The list of data objects of accounts.'),
}

model ListUsersResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListUsersResponseBody(name='body'),
}

/**
 * @summary Queries the details of accounts in Identity as a Service (IDaaS) Employee IAM (EIAM) by page.
 *
 * @param request ListUsersRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListUsersResponse
 */
async function listUsersWithOptions(request: ListUsersRequest, runtime: $RuntimeOptions): ListUsersResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.displayNameStartsWith)) {
    query['DisplayNameStartsWith'] = request.displayNameStartsWith;
  }
  if (!$isNull(request.email)) {
    query['Email'] = request.email;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  if (!$isNull(request.organizationalUnitId)) {
    query['OrganizationalUnitId'] = request.organizationalUnitId;
  }
  if (!$isNull(request.pageNumber)) {
    query['PageNumber'] = request.pageNumber;
  }
  if (!$isNull(request.pageSize)) {
    query['PageSize'] = request.pageSize;
  }
  if (!$isNull(request.phoneNumber)) {
    query['PhoneNumber'] = request.phoneNumber;
  }
  if (!$isNull(request.phoneRegion)) {
    query['PhoneRegion'] = request.phoneRegion;
  }
  if (!$isNull(request.status)) {
    query['Status'] = request.status;
  }
  if (!$isNull(request.userExternalId)) {
    query['UserExternalId'] = request.userExternalId;
  }
  if (!$isNull(request.userIds)) {
    query['UserIds'] = request.userIds;
  }
  if (!$isNull(request.userSourceId)) {
    query['UserSourceId'] = request.userSourceId;
  }
  if (!$isNull(request.userSourceType)) {
    query['UserSourceType'] = request.userSourceType;
  }
  if (!$isNull(request.usernameStartsWith)) {
    query['UsernameStartsWith'] = request.usernameStartsWith;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'ListUsers',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries the details of accounts in Identity as a Service (IDaaS) Employee IAM (EIAM) by page.
 *
 * @param request ListUsersRequest
 * @return ListUsersResponse
 */
async function listUsers(request: ListUsersRequest): ListUsersResponse {
  var runtime = new $RuntimeOptions{};
  return listUsersWithOptions(request, runtime);
}

model ListUsersForApplicationRequest {
  applicationId?: string(name='ApplicationId', description='The ID of the application.

This parameter is required.', example='app_mkv7rgt4d7i4u7zqtzev2mxxxx'),
  instanceId?: string(name='InstanceId', description='The ID of the instance.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
  pageNumber?: long(name='PageNumber', description='The number of the page to return', example='1'),
  pageSize?: long(name='PageSize', description='The number of entries to return on each page.', example='20'),
  userIds?: [ string ](name='UserIds', description='The IDs of the accounts. You can query a maximum of 100 accounts at a time.', example='user_d6sbsuumeta4h66ec3il7yxxxx'),
}

model ListUsersForApplicationResponseBody = {
  requestId?: string(name='RequestId', description='The ID of the request.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
  totalCount?: long(name='TotalCount', description='The total number of returned entries.', example='100'),
  users?: [ 
    {
      userId?: string(name='UserId', description='The ID of the account.', example='user_d6sbsuumeta4h66ec3il7yxxxx'),
    }
  ](name='Users', description='The IDs of the accounts.'),
}

model ListUsersForApplicationResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListUsersForApplicationResponseBody(name='body'),
}

/**
 * @summary Queries the accounts that are allowed to access an Employee Identity and Access Management (EIAM) application. The return results include the IDs of the accounts. If you need to obtain the details of the accounts, call the GetUser operation.
 *
 * @param request ListUsersForApplicationRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListUsersForApplicationResponse
 */
async function listUsersForApplicationWithOptions(request: ListUsersForApplicationRequest, runtime: $RuntimeOptions): ListUsersForApplicationResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.applicationId)) {
    query['ApplicationId'] = request.applicationId;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  if (!$isNull(request.pageNumber)) {
    query['PageNumber'] = request.pageNumber;
  }
  if (!$isNull(request.pageSize)) {
    query['PageSize'] = request.pageSize;
  }
  if (!$isNull(request.userIds)) {
    query['UserIds'] = request.userIds;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'ListUsersForApplication',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries the accounts that are allowed to access an Employee Identity and Access Management (EIAM) application. The return results include the IDs of the accounts. If you need to obtain the details of the accounts, call the GetUser operation.
 *
 * @param request ListUsersForApplicationRequest
 * @return ListUsersForApplicationResponse
 */
async function listUsersForApplication(request: ListUsersForApplicationRequest): ListUsersForApplicationResponse {
  var runtime = new $RuntimeOptions{};
  return listUsersForApplicationWithOptions(request, runtime);
}

model ListUsersForGroupRequest {
  groupId?: string(name='GroupId', description='The group ID.

This parameter is required.', example='group_d6sbsuumeta4h66ec3il7yxxxx'),
  instanceId?: string(name='InstanceId', description='The instance ID.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
  pageNumber?: long(name='PageNumber', description='The number of the page to return. Default value: 1.', example='1'),
  pageSize?: long(name='PageSize', description='The number of entries to return on each page. Default value: 20. Maximum value: 100.', example='20'),
  userIds?: [ string ](name='UserIds', description='The account IDs. A maximum of 100 accounts can be queried.', example='[ou_001]'),
}

model ListUsersForGroupResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
  totalCount?: long(name='TotalCount', description='The total number of entries returned. The maximum number of entries that can be returned per page is specified by PageSize.', example='1000'),
  users?: [ 
    {
      groupMemberRelationSourceId?: string(name='GroupMemberRelationSourceId', description='Account membership source id', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
      groupMemberRelationSourceType?: string(name='GroupMemberRelationSourceType', description='Account membership source type', example='build_in'),
      userId?: string(name='UserId', description='The account ID.', example='user_d6sbsuumeta4h66ec3il7yxxxx'),
    }
  ](name='Users', description='The information about accounts.'),
}

model ListUsersForGroupResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListUsersForGroupResponseBody(name='body'),
}

/**
 * @summary Queries the information of accounts in an Employee Identity and Access Management (EIAM) group of Identity as a Service (IDaaS).
 *
 * @param request ListUsersForGroupRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListUsersForGroupResponse
 */
async function listUsersForGroupWithOptions(request: ListUsersForGroupRequest, runtime: $RuntimeOptions): ListUsersForGroupResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.groupId)) {
    query['GroupId'] = request.groupId;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  if (!$isNull(request.pageNumber)) {
    query['PageNumber'] = request.pageNumber;
  }
  if (!$isNull(request.pageSize)) {
    query['PageSize'] = request.pageSize;
  }
  if (!$isNull(request.userIds)) {
    query['UserIds'] = request.userIds;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'ListUsersForGroup',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries the information of accounts in an Employee Identity and Access Management (EIAM) group of Identity as a Service (IDaaS).
 *
 * @param request ListUsersForGroupRequest
 * @return ListUsersForGroupResponse
 */
async function listUsersForGroup(request: ListUsersForGroupRequest): ListUsersForGroupResponse {
  var runtime = new $RuntimeOptions{};
  return listUsersForGroupWithOptions(request, runtime);
}

model ObtainApplicationClientSecretRequest {
  applicationId?: string(name='ApplicationId', description='The ID of the application whose client key you want to query.

This parameter is required.', example='app_mkv7rgt4d7i4u7zqtzev2mxxxx'),
  instanceId?: string(name='InstanceId', description='The ID of the instance.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
  secretId?: string(name='SecretId', description='The client key ID of the application.

This parameter is required.', example='sci_k52x2ru63rlkflina5utgkxxxx'),
}

model ObtainApplicationClientSecretResponseBody = {
  applicationClientSecret?: {
    applicationId?: string(name='ApplicationId', description='The ID of the application whose client key you want to query.', example='app_mkv7rgt4d7i4u7zqtzev2mxxxx'),
    clientId?: string(name='ClientId', description='The client ID of the application.', example='app_mkv7rgt4d7i4u7zqtzev2mxxxx'),
    clientSecret?: string(name='ClientSecret', description='The client key secret of the application.', example='CSEHDcHcrUKHw1CuxkJEHPveWRXBGqVqRsxxxx'),
    instanceId?: string(name='InstanceId', description='The ID of the instance.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
    lastUsedTime?: long(name='LastUsedTime', description='The time when the client key was last used. The value is a UNIX timestamp. Unit: milliseconds.', example='1649830226000'),
    secretId?: string(name='SecretId', description='The client key ID of the application.', example='sci_k52x2ru63rlkflina5utgkxxxx'),
    status?: string(name='Status', description='The status of the client key. Valid values:

*   Enabled: The client key is enabled.
*   Disabled: The client key is disabled.', example='enabled'),
  }(name='ApplicationClientSecret', description='The information about the client key.'),
  requestId?: string(name='RequestId', description='The ID of the request.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model ObtainApplicationClientSecretResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ObtainApplicationClientSecretResponseBody(name='body'),
}

/**
 * @summary Queries a client key of an Employee Identity and Access Management (EIAM) application. The returned key secret is masked. If you want to query the key secret that is not masked, call the ListApplicationClientSecrets operation.
 *
 * @param request ObtainApplicationClientSecretRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ObtainApplicationClientSecretResponse
 */
async function obtainApplicationClientSecretWithOptions(request: ObtainApplicationClientSecretRequest, runtime: $RuntimeOptions): ObtainApplicationClientSecretResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.applicationId)) {
    query['ApplicationId'] = request.applicationId;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  if (!$isNull(request.secretId)) {
    query['SecretId'] = request.secretId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'ObtainApplicationClientSecret',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries a client key of an Employee Identity and Access Management (EIAM) application. The returned key secret is masked. If you want to query the key secret that is not masked, call the ListApplicationClientSecrets operation.
 *
 * @param request ObtainApplicationClientSecretRequest
 * @return ObtainApplicationClientSecretResponse
 */
async function obtainApplicationClientSecret(request: ObtainApplicationClientSecretRequest): ObtainApplicationClientSecretResponse {
  var runtime = new $RuntimeOptions{};
  return obtainApplicationClientSecretWithOptions(request, runtime);
}

model ObtainDomainProxyTokenRequest {
  domainId?: string(name='DomainId', description='域名ID。

This parameter is required.', example='dm_examplexxxxx'),
  domainProxyTokenId?: string(name='DomainProxyTokenId', description='域名代理Token ID。

This parameter is required.', example='pt_examplexxxx'),
  instanceId?: string(name='InstanceId', description='IDaaS EIAM实例的ID。

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
}

model ObtainDomainProxyTokenResponseBody = {
  domainProxyToken?: {
    createTime?: long(name='CreateTime', description='域名代理Token创建时间，Unix时间戳格式，单位为毫秒。', example='1649830226000'),
    domainId?: string(name='DomainId', description='域名ID。', example='dm_examplexxxx'),
    domainProxyToken?: string(name='DomainProxyToken', description='域名代理Token。', example='PTxxxxxxxx'),
    domainProxyTokenId?: string(name='DomainProxyTokenId', description='域名代理Token ID。', example='pt_examplexxxx'),
    instanceId?: string(name='InstanceId', description='实例ID。', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
    lastUsedTime?: long(name='LastUsedTime', description='域名代理Token最近使用时间，Unix时间戳格式，单位为毫秒。', example='1649830226000'),
    status?: string(name='Status', description='token状态，枚举类型：(enabled）启用,（disabled）禁用。', example='enabled'),
    updateTime?: long(name='UpdateTime', description='域名代理Token最近更新时间，Unix时间戳格式，单位为毫秒。', example='1649830226000'),
  }(name='DomainProxyToken'),
  requestId?: string(name='RequestId', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model ObtainDomainProxyTokenResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ObtainDomainProxyTokenResponseBody(name='body'),
}

/**
 * @summary 查看指定域名安全代理Token。
 *
 * @param request ObtainDomainProxyTokenRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ObtainDomainProxyTokenResponse
 */
async function obtainDomainProxyTokenWithOptions(request: ObtainDomainProxyTokenRequest, runtime: $RuntimeOptions): ObtainDomainProxyTokenResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.domainId)) {
    query['DomainId'] = request.domainId;
  }
  if (!$isNull(request.domainProxyTokenId)) {
    query['DomainProxyTokenId'] = request.domainProxyTokenId;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'ObtainDomainProxyToken',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary 查看指定域名安全代理Token。
 *
 * @param request ObtainDomainProxyTokenRequest
 * @return ObtainDomainProxyTokenResponse
 */
async function obtainDomainProxyToken(request: ObtainDomainProxyTokenRequest): ObtainDomainProxyTokenResponse {
  var runtime = new $RuntimeOptions{};
  return obtainDomainProxyTokenWithOptions(request, runtime);
}

model RemoveUserFromOrganizationalUnitsRequest {
  instanceId?: string(name='InstanceId', description='The instance ID.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
  organizationalUnitIds?: [ string ](name='OrganizationalUnitIds', description='The organization IDs. You can remove an account from a maximum of 100 organizations.

This parameter is required.'),
  userId?: string(name='UserId', description='The account ID.

This parameter is required.', example='user_d6sbsuumeta4h66ec3il7yxxxx'),
}

model RemoveUserFromOrganizationalUnitsResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model RemoveUserFromOrganizationalUnitsResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: RemoveUserFromOrganizationalUnitsResponseBody(name='body'),
}

/**
 * @summary Removes an Employee Identity and Access Management (EIAM) account from multiple EIAM organizations of Identity as a Service (IDaaS). You cannot remove an account from a primary organization.
 *
 * @param request RemoveUserFromOrganizationalUnitsRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return RemoveUserFromOrganizationalUnitsResponse
 */
async function removeUserFromOrganizationalUnitsWithOptions(request: RemoveUserFromOrganizationalUnitsRequest, runtime: $RuntimeOptions): RemoveUserFromOrganizationalUnitsResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  if (!$isNull(request.organizationalUnitIds)) {
    query['OrganizationalUnitIds'] = request.organizationalUnitIds;
  }
  if (!$isNull(request.userId)) {
    query['UserId'] = request.userId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'RemoveUserFromOrganizationalUnits',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Removes an Employee Identity and Access Management (EIAM) account from multiple EIAM organizations of Identity as a Service (IDaaS). You cannot remove an account from a primary organization.
 *
 * @param request RemoveUserFromOrganizationalUnitsRequest
 * @return RemoveUserFromOrganizationalUnitsResponse
 */
async function removeUserFromOrganizationalUnits(request: RemoveUserFromOrganizationalUnitsRequest): RemoveUserFromOrganizationalUnitsResponse {
  var runtime = new $RuntimeOptions{};
  return removeUserFromOrganizationalUnitsWithOptions(request, runtime);
}

model RemoveUsersFromGroupRequest {
  groupId?: string(name='GroupId', description='The group ID.

This parameter is required.', example='group_d6sbsuumeta4h66ec3il7yxxxx'),
  instanceId?: string(name='InstanceId', description='The instance ID.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
  userIds?: [ string ](name='UserIds', description='The account IDs. A maximum of 100 accounts can be removed from a group.

This parameter is required.', example='[ou_001]'),
}

model RemoveUsersFromGroupResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model RemoveUsersFromGroupResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: RemoveUsersFromGroupResponseBody(name='body'),
}

/**
 * @summary Removes Employee Identity and Access Management (EIAM) accounts from an EIAM group of Identity as a Service (IDaaS).
 *
 * @param request RemoveUsersFromGroupRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return RemoveUsersFromGroupResponse
 */
async function removeUsersFromGroupWithOptions(request: RemoveUsersFromGroupRequest, runtime: $RuntimeOptions): RemoveUsersFromGroupResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.groupId)) {
    query['GroupId'] = request.groupId;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  if (!$isNull(request.userIds)) {
    query['UserIds'] = request.userIds;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'RemoveUsersFromGroup',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Removes Employee Identity and Access Management (EIAM) accounts from an EIAM group of Identity as a Service (IDaaS).
 *
 * @param request RemoveUsersFromGroupRequest
 * @return RemoveUsersFromGroupResponse
 */
async function removeUsersFromGroup(request: RemoveUsersFromGroupRequest): RemoveUsersFromGroupResponse {
  var runtime = new $RuntimeOptions{};
  return removeUsersFromGroupWithOptions(request, runtime);
}

model RevokeApplicationFromGroupsRequest {
  applicationId?: string(name='ApplicationId', description='The application ID.

This parameter is required.', example='app_mkv7rgt4d7i4u7zqtzev2mxxxx'),
  groupIds?: [ string ](name='GroupIds', description='The group IDs. You can specify up to 100 group IDs at a time.

This parameter is required.', example='group_miu8e4t4d7i4u7uwezgr54xxxx'),
  instanceId?: string(name='InstanceId', description='The instance ID.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
}

model RevokeApplicationFromGroupsResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model RevokeApplicationFromGroupsResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: RevokeApplicationFromGroupsResponseBody(name='body'),
}

/**
 * @summary Revokes the permissions to access an application from multiple account groups at a time in Identity as a Service (IDaaS) Employee Identity and Access Management (EIAM).
 *
 * @param request RevokeApplicationFromGroupsRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return RevokeApplicationFromGroupsResponse
 */
async function revokeApplicationFromGroupsWithOptions(request: RevokeApplicationFromGroupsRequest, runtime: $RuntimeOptions): RevokeApplicationFromGroupsResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.applicationId)) {
    query['ApplicationId'] = request.applicationId;
  }
  if (!$isNull(request.groupIds)) {
    query['GroupIds'] = request.groupIds;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'RevokeApplicationFromGroups',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Revokes the permissions to access an application from multiple account groups at a time in Identity as a Service (IDaaS) Employee Identity and Access Management (EIAM).
 *
 * @param request RevokeApplicationFromGroupsRequest
 * @return RevokeApplicationFromGroupsResponse
 */
async function revokeApplicationFromGroups(request: RevokeApplicationFromGroupsRequest): RevokeApplicationFromGroupsResponse {
  var runtime = new $RuntimeOptions{};
  return revokeApplicationFromGroupsWithOptions(request, runtime);
}

model RevokeApplicationFromOrganizationalUnitsRequest {
  applicationId?: string(name='ApplicationId', description='The ID of the application.

This parameter is required.', example='app_mkv7rgt4d7i4u7zqtzev2mxxxx'),
  instanceId?: string(name='InstanceId', description='The ID of the instance.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
  organizationalUnitIds?: [ string ](name='OrganizationalUnitIds', description='The IDs of the organizations. You can revoke the access permissions from a maximum of 100 organizations at a time.

This parameter is required.', example='ou_wovwffm62xifdziem7an7xxxxx'),
}

model RevokeApplicationFromOrganizationalUnitsResponseBody = {
  requestId?: string(name='RequestId', description='The ID of the request.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model RevokeApplicationFromOrganizationalUnitsResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: RevokeApplicationFromOrganizationalUnitsResponseBody(name='body'),
}

/**
 * @summary Revokes the permissions to access an application from multiple Employee Identity and Access Management (EIAM) organizations at a time.
 *
 * @param request RevokeApplicationFromOrganizationalUnitsRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return RevokeApplicationFromOrganizationalUnitsResponse
 */
async function revokeApplicationFromOrganizationalUnitsWithOptions(request: RevokeApplicationFromOrganizationalUnitsRequest, runtime: $RuntimeOptions): RevokeApplicationFromOrganizationalUnitsResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.applicationId)) {
    query['ApplicationId'] = request.applicationId;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  if (!$isNull(request.organizationalUnitIds)) {
    query['OrganizationalUnitIds'] = request.organizationalUnitIds;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'RevokeApplicationFromOrganizationalUnits',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Revokes the permissions to access an application from multiple Employee Identity and Access Management (EIAM) organizations at a time.
 *
 * @param request RevokeApplicationFromOrganizationalUnitsRequest
 * @return RevokeApplicationFromOrganizationalUnitsResponse
 */
async function revokeApplicationFromOrganizationalUnits(request: RevokeApplicationFromOrganizationalUnitsRequest): RevokeApplicationFromOrganizationalUnitsResponse {
  var runtime = new $RuntimeOptions{};
  return revokeApplicationFromOrganizationalUnitsWithOptions(request, runtime);
}

model RevokeApplicationFromUsersRequest {
  applicationId?: string(name='ApplicationId', description='The ID of the application.

This parameter is required.', example='app_mkv7rgt4d7i4u7zqtzev2mxxxx'),
  instanceId?: string(name='InstanceId', description='The ID of the instance.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
  userIds?: [ string ](name='UserIds', description='The IDs of the accounts. You can revoke the access permissions from a maximum of 100 accounts at a time.

This parameter is required.', example='user_d6sbsuumeta4h66ec3il7yxxxx'),
}

model RevokeApplicationFromUsersResponseBody = {
  requestId?: string(name='RequestId', description='The ID of the request.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model RevokeApplicationFromUsersResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: RevokeApplicationFromUsersResponseBody(name='body'),
}

/**
 * @summary Revokes the permissions to access an application from multiple Employee Identity and Access Management (EIAM) accounts at a time.
 *
 * @param request RevokeApplicationFromUsersRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return RevokeApplicationFromUsersResponse
 */
async function revokeApplicationFromUsersWithOptions(request: RevokeApplicationFromUsersRequest, runtime: $RuntimeOptions): RevokeApplicationFromUsersResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.applicationId)) {
    query['ApplicationId'] = request.applicationId;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  if (!$isNull(request.userIds)) {
    query['UserIds'] = request.userIds;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'RevokeApplicationFromUsers',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Revokes the permissions to access an application from multiple Employee Identity and Access Management (EIAM) accounts at a time.
 *
 * @param request RevokeApplicationFromUsersRequest
 * @return RevokeApplicationFromUsersResponse
 */
async function revokeApplicationFromUsers(request: RevokeApplicationFromUsersRequest): RevokeApplicationFromUsersResponse {
  var runtime = new $RuntimeOptions{};
  return revokeApplicationFromUsersWithOptions(request, runtime);
}

model RunSynchronizationJobRequest {
  description?: string(name='Description', example='描述'),
  instanceId?: string(name='InstanceId', description='IDaaS EIAM实例的ID。

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
  passwordInitialization?: boolean(name='PasswordInitialization'),
  synchronizationScopeConfig?: {
    groupIds?: [ string ](name='GroupIds'),
    organizationalUnitIds?: [ string ](name='OrganizationalUnitIds'),
    userIds?: [ string ](name='UserIds'),
  }(name='SynchronizationScopeConfig'),
  targetId?: string(name='TargetId', description='同步目标ID

This parameter is required.', example='idp_my664lwkhpicbyzirog3ngxxxxx'),
  targetType?: string(name='TargetType', description='同步目标类型

This parameter is required.', example='identity_provider'),
  userIdentityTypes?: [ string ](name='UserIdentityTypes'),
}

model RunSynchronizationJobResponseBody = {
  requestId?: string(name='RequestId', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
  synchronizationJobId?: string(name='SynchronizationJobId', example='sync_0000347vjovtcf41li0fgsd98gn24q9nj9xxxxx'),
}

model RunSynchronizationJobResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: RunSynchronizationJobResponseBody(name='body'),
}

/**
 * @summary 运行同步任务
 *
 * @param request RunSynchronizationJobRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return RunSynchronizationJobResponse
 */
async function runSynchronizationJobWithOptions(request: RunSynchronizationJobRequest, runtime: $RuntimeOptions): RunSynchronizationJobResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.description)) {
    query['Description'] = request.description;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  if (!$isNull(request.passwordInitialization)) {
    query['PasswordInitialization'] = request.passwordInitialization;
  }
  if (!$isNull(request.synchronizationScopeConfig)) {
    query['SynchronizationScopeConfig'] = request.synchronizationScopeConfig;
  }
  if (!$isNull(request.targetId)) {
    query['TargetId'] = request.targetId;
  }
  if (!$isNull(request.targetType)) {
    query['TargetType'] = request.targetType;
  }
  if (!$isNull(request.userIdentityTypes)) {
    query['UserIdentityTypes'] = request.userIdentityTypes;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'RunSynchronizationJob',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary 运行同步任务
 *
 * @param request RunSynchronizationJobRequest
 * @return RunSynchronizationJobResponse
 */
async function runSynchronizationJob(request: RunSynchronizationJobRequest): RunSynchronizationJobResponse {
  var runtime = new $RuntimeOptions{};
  return runSynchronizationJobWithOptions(request, runtime);
}

model SetApplicationGrantScopeRequest {
  applicationId?: string(name='ApplicationId', description='The ID of the application that you want to configure.

This parameter is required.', example='app_mkv7rgt4d7i4u7zqtzev2mxxxx'),
  grantScopes?: [ string ](name='GrantScopes', description='The permissions of the Developer API feature.'),
  instanceId?: string(name='InstanceId', description='The ID of the instance.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
}

model SetApplicationGrantScopeResponseBody = {
  requestId?: string(name='RequestId', description='The ID of the request.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model SetApplicationGrantScopeResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: SetApplicationGrantScopeResponseBody(name='body'),
}

/**
 * @summary Configures the permissions of the Developer API feature of an Employee Identity and Access Management (EIAM) application.
 *
 * @param request SetApplicationGrantScopeRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return SetApplicationGrantScopeResponse
 */
async function setApplicationGrantScopeWithOptions(request: SetApplicationGrantScopeRequest, runtime: $RuntimeOptions): SetApplicationGrantScopeResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.applicationId)) {
    query['ApplicationId'] = request.applicationId;
  }
  if (!$isNull(request.grantScopes)) {
    query['GrantScopes'] = request.grantScopes;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'SetApplicationGrantScope',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Configures the permissions of the Developer API feature of an Employee Identity and Access Management (EIAM) application.
 *
 * @param request SetApplicationGrantScopeRequest
 * @return SetApplicationGrantScopeResponse
 */
async function setApplicationGrantScope(request: SetApplicationGrantScopeRequest): SetApplicationGrantScopeResponse {
  var runtime = new $RuntimeOptions{};
  return setApplicationGrantScopeWithOptions(request, runtime);
}

model SetApplicationProvisioningConfigRequest {
  applicationId?: string(name='ApplicationId', description='The ID of the application.

This parameter is required.', example='app_mkv7rgt4d7i4u7zqtzev2mxxxx'),
  callbackProvisioningConfig?: {
    callbackUrl?: string(name='CallbackUrl', description='The URL that the application uses to receive IDaaS event callbacks.', example='https://example.com/event/callback'),
    encryptKey?: string(name='EncryptKey', description='The symmetric key for IDaaS event callbacks. The key is an AES-256 encryption key in the HEX format.', example='ad3b248**************************b3561a73d7'),
    encryptRequired?: boolean(name='EncryptRequired', description='Specifies whether to encrypt IDaaS event callback messages. Valid values:

*   true: encrypt the messages.
*   false: transmit the messages in plaintext.', example='true'),
    listenEventScopes?: [ string ](name='ListenEventScopes', description='The list of types of IDaaS event callback messages that are supported by the listener.'),
  }(name='CallbackProvisioningConfig', description='The configuration of event callback synchronization. This parameter is required when the ProvisionProtocolType parameter is set to idaas_callback.'),
  instanceId?: string(name='InstanceId', description='The ID of the instance.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
  provisionPassword?: boolean(name='ProvisionPassword', description='Specifies whether to synchronize the password in IDaaS user event callbacks. Valid values:

*   true: synchronize the password.
*   false: do not synchronize the password.', example='true'),
  provisionProtocolType?: string(name='ProvisionProtocolType', description='The synchronization protocol type of the application. Valid values:

*   idaas_callback: custom event callback protocol of IDaaS.
*   scim2: System for Cross-domain Identity Management (SCIM) protocol.

This parameter is required.', example='idaas_callback'),
  scimProvisioningConfig?: {
    authnConfiguration?: {
      authnMode?: string(name='AuthnMode', description='The authentication mode of the SCIM protocol. Valid value:

*   oauth2: OAuth2.0 mode.', example='oauth2'),
      authnParam?: {
        accessToken?: string(name='AccessToken', description='The access token. If the GrantType parameter is set to bearer_token, you can set this parameter.', example='k52x2ru63rlkflina5utgkxxxx'),
        authnMethod?: string(name='AuthnMethod', description='The authentication mode of the SCIM protocol. Valid values:

*   client_secret_basic: The client secret is passed in the request header.
*   client_secret_post: The client secret is passed in the request body.', example='client_secret_basic'),
        clientId?: string(name='ClientId', description='The client ID of the application.', example='mkv7rgt4d7i4u7zqtzev2mxxxx'),
        clientSecret?: string(name='ClientSecret', description='The client secret of the application.', example='CSEHDcHcrUKHw1CuxkJEHPveWRXBGqVqRsxxxx'),
        tokenEndpoint?: string(name='TokenEndpoint', description='The token endpoint.', example='https://www.example.com/oauth/token'),
      }(name='AuthnParam', description='The configuration parameters related to authorization.

*   If the GrantType parameter is set to client_credentials, you can set the configuration parameters ClientId, ClientSecret, and AuthnMethod.
*   If the GrantType parameter is set to bearer_token, you can set the configuration parameter AccessToken.'),
      grantType?: string(name='GrantType', description='The grant type of the SCIM protocol. Valid values:

*   client_credentials: client mode.
*   bearer_token: key mode.', example='bearer_token'),
    }(name='AuthnConfiguration', description='The configuration parameters related to SCIM-based synchronization.'),
    fullPushScopes?: [ string ](name='FullPushScopes', description='The full synchronization scope of the SCIM protocol. Valid value:

*   urn:alibaba:idaas:app:scim:User:PUSH: full account data synchronization.'),
    provisioningActions?: [ string ](name='ProvisioningActions', description='The resource operations of the SCIM protocol. Valid values:

*   urn:alibaba:idaas:app:scim:User:CREATE: account creation.
*   urn:alibaba:idaas:app:scim:User:UPDATE: account update.
*   urn:alibaba:idaas:app:scim:User:DELETE: account deletion.'),
    scimBaseUrl?: string(name='ScimBaseUrl', description='The base URL that the application uses to receive the SCIM protocol for IDaaS synchronization.', example='https://example.com/scim'),
  }(name='ScimProvisioningConfig', description='The configuration of SCIM-based IDaaS synchronization. This parameter is required when the ProvisionProtocolType parameter is set to scim2.'),
}

model SetApplicationProvisioningConfigResponseBody = {
  requestId?: string(name='RequestId', description='The ID of the request.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model SetApplicationProvisioningConfigResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: SetApplicationProvisioningConfigResponseBody(name='body'),
}

/**
 * @summary Configures the account synchronization feature for an application in Identity as a Service (IDaaS) Employee Identity and Access Management (EIAM).
 *
 * @param request SetApplicationProvisioningConfigRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return SetApplicationProvisioningConfigResponse
 */
async function setApplicationProvisioningConfigWithOptions(request: SetApplicationProvisioningConfigRequest, runtime: $RuntimeOptions): SetApplicationProvisioningConfigResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.applicationId)) {
    query['ApplicationId'] = request.applicationId;
  }
  if (!$isNull(request.callbackProvisioningConfig)) {
    query['CallbackProvisioningConfig'] = request.callbackProvisioningConfig;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  if (!$isNull(request.provisionPassword)) {
    query['ProvisionPassword'] = request.provisionPassword;
  }
  if (!$isNull(request.provisionProtocolType)) {
    query['ProvisionProtocolType'] = request.provisionProtocolType;
  }
  if (!$isNull(request.scimProvisioningConfig)) {
    query['ScimProvisioningConfig'] = request.scimProvisioningConfig;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'SetApplicationProvisioningConfig',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Configures the account synchronization feature for an application in Identity as a Service (IDaaS) Employee Identity and Access Management (EIAM).
 *
 * @param request SetApplicationProvisioningConfigRequest
 * @return SetApplicationProvisioningConfigResponse
 */
async function setApplicationProvisioningConfig(request: SetApplicationProvisioningConfigRequest): SetApplicationProvisioningConfigResponse {
  var runtime = new $RuntimeOptions{};
  return setApplicationProvisioningConfigWithOptions(request, runtime);
}

model SetApplicationProvisioningScopeRequest {
  applicationId?: string(name='ApplicationId', description='The ID of the application.

This parameter is required.', example='app_mkv7rgt4d7i4u7zqtzev2mxxxx'),
  groupIds?: [ string ](name='GroupIds', description='List of groups that are authorized to be synchronized from'),
  instanceId?: string(name='InstanceId', description='The ID of the instance.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
  organizationalUnitIds?: [ string ](name='OrganizationalUnitIds', description='The list of organizational units that are authorized for account synchronization.'),
}

model SetApplicationProvisioningScopeResponseBody = {
  requestId?: string(name='RequestId', description='The ID of the request.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model SetApplicationProvisioningScopeResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: SetApplicationProvisioningScopeResponseBody(name='body'),
}

/**
 * @summary Sets the account synchronization scope of applications in Identity as a Service (IDaaS) Employee IAM (EIAM). This scope is the same as the scope within which developers can call the DeveloperAPI to query and manage accounts.
 *
 * @param request SetApplicationProvisioningScopeRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return SetApplicationProvisioningScopeResponse
 */
async function setApplicationProvisioningScopeWithOptions(request: SetApplicationProvisioningScopeRequest, runtime: $RuntimeOptions): SetApplicationProvisioningScopeResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.applicationId)) {
    query['ApplicationId'] = request.applicationId;
  }
  if (!$isNull(request.groupIds)) {
    query['GroupIds'] = request.groupIds;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  if (!$isNull(request.organizationalUnitIds)) {
    query['OrganizationalUnitIds'] = request.organizationalUnitIds;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'SetApplicationProvisioningScope',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Sets the account synchronization scope of applications in Identity as a Service (IDaaS) Employee IAM (EIAM). This scope is the same as the scope within which developers can call the DeveloperAPI to query and manage accounts.
 *
 * @param request SetApplicationProvisioningScopeRequest
 * @return SetApplicationProvisioningScopeResponse
 */
async function setApplicationProvisioningScope(request: SetApplicationProvisioningScopeRequest): SetApplicationProvisioningScopeResponse {
  var runtime = new $RuntimeOptions{};
  return setApplicationProvisioningScopeWithOptions(request, runtime);
}

model SetApplicationSsoConfigRequest {
  applicationId?: string(name='ApplicationId', description='The ID of the application.

This parameter is required.', example='app_mkv7rgt4d7i4u7zqtzev2mxxxx'),
  clientToken?: string(name='ClientToken'),
  initLoginType?: string(name='InitLoginType', description='The initial SSO method. Valid values:

*   only_app_init_sso: Only application-initiated SSO is allowed. This method is selected by default when the SSO protocol of the application is an OIDC protocol. If this method is selected when the SSO protocol of the application is SAML, the InitLoginUrl parameter is required.
*   idaas_or_app_init_sso: IDaaS-initiated SSO and application-initiated SSO are allowed. This method is selected by default when the SSO protocol of the application is SAML. If this method is selected when the SSO protocol of the application is an OIDC protocol, the InitLoginUrl parameter is required.', example='only_app_init_sso'),
  initLoginUrl?: string(name='InitLoginUrl', description='The initial webhook URL of SSO. This parameter is required when the SSO protocol of the application is an OIDC protocol and the InitLoginType parameters is set to idaas_or_app_init_sso or when the SSO protocol of the application is SAML and the InitLoginType parameter is set to only_app_init_sso.', example='http://127.0.0.1:8000/start_login?enterprise_code=ABCDEF'),
  instanceId?: string(name='InstanceId', description='The instance ID.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
  oidcSsoConfig?: {
    accessTokenEffectiveTime?: long(name='AccessTokenEffectiveTime', description='The validity period of the issued access token. Unit: seconds. Default value: 1200.', example='1200'),
    codeEffectiveTime?: long(name='CodeEffectiveTime', description='The validity period of the issued code. Unit: seconds. Default value: 60.', example='60'),
    customClaims?: [ 
      {
        claimName?: string(name='ClaimName', description='The claim name.', example='"Role"'),
        claimValueExpression?: string(name='ClaimValueExpression', description='The expression that is used to generate the value of the claim.', example='user.dict.applicationRole'),
      }
    ](name='CustomClaims', description='The custom claims that are returned for the ID token.'),
    grantScopes?: [ string ](name='GrantScopes', description='The scopes of user attributes that can be returned for the UserInfo endpoint or ID token.', example='profile，email'),
    grantTypes?: [ string ](name='GrantTypes', description='The list of grant types that are supported for OIDC protocols.', example='authorization_code'),
    idTokenEffectiveTime?: long(name='IdTokenEffectiveTime', description='The validity period of the issued ID token. Unit: seconds. Default value: 300.', example='300'),
    passwordAuthenticationSourceId?: string(name='PasswordAuthenticationSourceId', description='The ID of the identity authentication source in password mode. Specify this parameter only when the value of the GrantTypes parameter includes the password mode.', example='ia_password'),
    passwordTotpMfaRequired?: boolean(name='PasswordTotpMfaRequired', description='Specifies whether time-based one-time password (TOTP) authentication is required in password mode. Specify this parameter only when the value of the GrantTypes parameter includes the password mode.', example='true'),
    pkceChallengeMethods?: [ string ](name='PkceChallengeMethods', description='The algorithms that are used to calculate the code challenge for PKCE.', example='S256'),
    pkceRequired?: boolean(name='PkceRequired', description='Specifies whether the SSO of the application requires Proof Key for Code Exchange (PKCE) (RFC 7636).', example='true'),
    postLogoutRedirectUris?: [ string ](name='PostLogoutRedirectUris', description='The list of logout redirect URIs that are supported by the application.'),
    redirectUris?: [ string ](name='RedirectUris', description='The list of redirect URIs that are supported by the application.'),
    refreshTokenEffective?: long(name='RefreshTokenEffective', description='The validity period of the issued refresh token. Unit: seconds. Default value: 86400.', example='86400'),
    responseTypes?: [ string ](name='ResponseTypes', description='The response types that are supported by the application. Specify this parameter when the value of the GrantTypes parameter includes the implicit mode.', example='token id_token'),
    subjectIdExpression?: string(name='SubjectIdExpression', description='The custom expression that is used to generate the subject ID returned for the ID token.', example='user.userid'),
  }(name='OidcSsoConfig', description='The Open ID Connect (OIDC)-based SSO configuration attributes of the application.'),
  samlSsoConfig?: {
    assertionSigned?: boolean(name='AssertionSigned', description='Specifies whether to calculate the signature for the assertion. You cannot set ResponseSigned and AssertionSigned to false at the same time.

*   true
*   false', example='true'),
    attributeStatements?: [ 
      {
        attributeName?: string(name='AttributeName', description='The attribute name.', example='https://www.aliyun.com/SAML-Role/Attributes/RoleSessionName'),
        attributeValueExpression?: string(name='AttributeValueExpression', description='The expression that is used to generate the value of the attribute.', example='user.username'),
      }
    ](name='AttributeStatements', description='The additional user attributes in the SAML assertion.'),
    defaultRelayState?: string(name='DefaultRelayState', description='The default value of the RelayState attribute. If the SSO request is initiated in EIAM, the RelayState attribute in the SAML response is set to this default value.', example='https://home.console.aliyun.com'),
    idPEntityId?: string(name='IdPEntityId'),
    nameIdFormat?: string(name='NameIdFormat', description='The Format attribute of the NameID element in the SAML assertion. Valid values:

*   urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified: No format is specified. How to resolve the NameID element depends on the application.
*   urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress: The NameID element must be an email address.
*   urn:oasis:names:tc:SAML:2.0:nameid-format:persistent: The NameID element must be persistent.
*   urn:oasis:names:tc:SAML:2.0:nameid-format:transient: The NameID element must be transient.', example='urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified'),
    nameIdValueExpression?: string(name='NameIdValueExpression', description='The expression that is used to generate the value of NameID in the SAML assertion.', example='user.email'),
    optionalRelayStates?: [ 
      {
        displayName?: string(name='DisplayName'),
        relayState?: string(name='RelayState'),
      }
    ](name='OptionalRelayStates'),
    responseSigned?: boolean(name='ResponseSigned', description='Specifies whether to calculate the signature for the response. You cannot set ResponseSigned and AssertionSigned to false at the same time.

*   true
*   false', example='true'),
    signatureAlgorithm?: string(name='SignatureAlgorithm', description='The algorithm that is used to calculate the signature for the SAML assertion.

Enumeration value:

*   RSA-SHA256

    <!-- -->

    :

    <!-- -->

    the Rivest-Shamir-Adleman (RSA)-Secure Hash Algorithm 256 (SHA-256) algorithm

    <!-- -->

    .', example='RSA-SHA256'),
    spEntityId?: string(name='SpEntityId', description='The entity ID of the application in SAML.', example='urn:alibaba:cloudcomputing'),
    spSsoAcsUrl?: string(name='SpSsoAcsUrl', description='The Assertion Consumer Service (ACS) URL of the application in SAML.', example='https://signin.aliyun.com/saml-role/sso'),
  }(name='SamlSsoConfig', description='The Security Assertion Markup Language (SAML)-based single sign-on (SSO) configuration attributes of the application.'),
}

model SetApplicationSsoConfigResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model SetApplicationSsoConfigResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: SetApplicationSsoConfigResponseBody(name='body'),
}

/**
 * @summary Specifies the single sign-on (SSO) configuration attributes of an application in Identity as a Service (IDaaS) Employee IAM (EIAM).
 *
 * @description In IDaaS EIAM, the application management feature supports multiple SSO protocols for applications, including SAML 2.0 and OIDC protocols. Each application supports only one protocol, and the protocol cannot be changed after the application is created. You can specify the SSO configuration attributes of an application based on the supported SSO protocol.
 *
 * @param request SetApplicationSsoConfigRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return SetApplicationSsoConfigResponse
 */
async function setApplicationSsoConfigWithOptions(request: SetApplicationSsoConfigRequest, runtime: $RuntimeOptions): SetApplicationSsoConfigResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.applicationId)) {
    query['ApplicationId'] = request.applicationId;
  }
  if (!$isNull(request.clientToken)) {
    query['ClientToken'] = request.clientToken;
  }
  if (!$isNull(request.initLoginType)) {
    query['InitLoginType'] = request.initLoginType;
  }
  if (!$isNull(request.initLoginUrl)) {
    query['InitLoginUrl'] = request.initLoginUrl;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  if (!$isNull(request.oidcSsoConfig)) {
    query['OidcSsoConfig'] = request.oidcSsoConfig;
  }
  if (!$isNull(request.samlSsoConfig)) {
    query['SamlSsoConfig'] = request.samlSsoConfig;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'SetApplicationSsoConfig',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Specifies the single sign-on (SSO) configuration attributes of an application in Identity as a Service (IDaaS) Employee IAM (EIAM).
 *
 * @description In IDaaS EIAM, the application management feature supports multiple SSO protocols for applications, including SAML 2.0 and OIDC protocols. Each application supports only one protocol, and the protocol cannot be changed after the application is created. You can specify the SSO configuration attributes of an application based on the supported SSO protocol.
 *
 * @param request SetApplicationSsoConfigRequest
 * @return SetApplicationSsoConfigResponse
 */
async function setApplicationSsoConfig(request: SetApplicationSsoConfigRequest): SetApplicationSsoConfigResponse {
  var runtime = new $RuntimeOptions{};
  return setApplicationSsoConfigWithOptions(request, runtime);
}

model SetDefaultDomainRequest {
  domainId?: string(name='DomainId', description='域名ID。

This parameter is required.', example='dm_examplexxxxx'),
  instanceId?: string(name='InstanceId', description='IDaaS EIAM实例的ID。

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
}

model SetDefaultDomainResponseBody = {
  requestId?: string(name='RequestId', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model SetDefaultDomainResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: SetDefaultDomainResponseBody(name='body'),
}

/**
 * @summary 设置默认域名。
 *
 * @param request SetDefaultDomainRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return SetDefaultDomainResponse
 */
async function setDefaultDomainWithOptions(request: SetDefaultDomainRequest, runtime: $RuntimeOptions): SetDefaultDomainResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.domainId)) {
    query['DomainId'] = request.domainId;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'SetDefaultDomain',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary 设置默认域名。
 *
 * @param request SetDefaultDomainRequest
 * @return SetDefaultDomainResponse
 */
async function setDefaultDomain(request: SetDefaultDomainRequest): SetDefaultDomainResponse {
  var runtime = new $RuntimeOptions{};
  return setDefaultDomainWithOptions(request, runtime);
}

model SetForgetPasswordConfigurationRequest {
  authenticationChannels?: [ string ](name='AuthenticationChannels', description='The authentication channels. Valid values: email and sms.', example='email'),
  forgetPasswordStatus?: string(name='ForgetPasswordStatus', description='The status of the forgot password feature. Valid values: enabled and disabled.

This parameter is required.', example='enabled'),
  instanceId?: string(name='InstanceId', description='The instance ID.

This parameter is required.', example='eiam-111ccc1111'),
}

model SetForgetPasswordConfigurationResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model SetForgetPasswordConfigurationResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: SetForgetPasswordConfigurationResponseBody(name='body'),
}

/**
 * @summary Configures a forgot password policy for an Employee Identity and Access Management (EIAM) instance of Identity as a Service (IDaaS).
 *
 * @param request SetForgetPasswordConfigurationRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return SetForgetPasswordConfigurationResponse
 */
async function setForgetPasswordConfigurationWithOptions(request: SetForgetPasswordConfigurationRequest, runtime: $RuntimeOptions): SetForgetPasswordConfigurationResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.authenticationChannels)) {
    query['AuthenticationChannels'] = request.authenticationChannels;
  }
  if (!$isNull(request.forgetPasswordStatus)) {
    query['ForgetPasswordStatus'] = request.forgetPasswordStatus;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'SetForgetPasswordConfiguration',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Configures a forgot password policy for an Employee Identity and Access Management (EIAM) instance of Identity as a Service (IDaaS).
 *
 * @param request SetForgetPasswordConfigurationRequest
 * @return SetForgetPasswordConfigurationResponse
 */
async function setForgetPasswordConfiguration(request: SetForgetPasswordConfigurationRequest): SetForgetPasswordConfigurationResponse {
  var runtime = new $RuntimeOptions{};
  return setForgetPasswordConfigurationWithOptions(request, runtime);
}

model SetIdentityProviderUdPullConfigurationRequest {
  groupSyncStatus?: string(name='GroupSyncStatus', description='组同步状态', example='disabled'),
  identityProviderId?: string(name='IdentityProviderId', description='IDaaS的身份提供方主键id

This parameter is required.', example='idp_my664lwkhpicbyzirog3xxxxx'),
  incrementalCallbackStatus?: string(name='IncrementalCallbackStatus', description='增量回调状态，是否处理来自IdP的增量回调数据

This parameter is required.', example='disabled'),
  instanceId?: string(name='InstanceId', description='IDaaS EIAM实例的ID。

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
  ldapUdPullConfig?: {
    groupMemberAttributeName?: string(name='GroupMemberAttributeName', description='组成员标识', example='member'),
    groupObjectClass?: string(name='GroupObjectClass', description='组objectClass', example='group'),
    groupObjectClassCustomFilter?: string(name='GroupObjectClassCustomFilter', description='组自定义Filter', example='(|(cn=test)(group=test@test.com))'),
    organizationUnitObjectClass?: string(name='OrganizationUnitObjectClass', description='组织ObjectClass', example='organizationUnit,top'),
    userObjectClass?: string(name='UserObjectClass', description='用户ObjectClass', example='userPrincipalName, mail'),
    userObjectClassCustomFilter?: string(name='UserObjectClassCustomFilter', description='用户自定义Filter', example='(|(cn=test)(mail=test@test.com))'),
  }(name='LdapUdPullConfig', description='ldap同步侧相关配置信息'),
  periodicSyncConfig?: {
    periodicSyncCron?: string(name='PeriodicSyncCron', example='0 45 1 * * ?'),
    periodicSyncTimes?: [ int32 ](name='PeriodicSyncTimes'),
    periodicSyncType?: string(name='PeriodicSyncType', example='cron'),
  }(name='PeriodicSyncConfig'),
  periodicSyncStatus?: string(name='PeriodicSyncStatus', example='disabled'),
  pullProtectedRule?: {
    groupDeletedThreshold?: int32(name='GroupDeletedThreshold', description='同步保护规则-删除组数量', example='10'),
    organizationalUnitDeletedThreshold?: int32(name='OrganizationalUnitDeletedThreshold', description='钉钉一方应用同步保护规则-删除组织数量', example='10'),
    userDeletedThreshold?: int32(name='UserDeletedThreshold', description='钉钉一方应用同步保护规则-删除账户数量', example='30'),
  }(name='PullProtectedRule', description='同步入保护规则,根据IdP的type做解析'),
  udSyncScopeConfig?: {
    sourceScopes?: [ string ](name='SourceScopes', description='同步来源节点'),
    targetScope?: string(name='TargetScope', description='同步目标节点', example='ou_asdaq1addsxzdq1XXX'),
  }(name='UdSyncScopeConfig', description='同步入配置信息'),
}

model SetIdentityProviderUdPullConfigurationResponseBody = {
  requestId?: string(name='RequestId', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model SetIdentityProviderUdPullConfigurationResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: SetIdentityProviderUdPullConfigurationResponseBody(name='body'),
}

/**
 * @summary 修改IdP同步入配置
 *
 * @param request SetIdentityProviderUdPullConfigurationRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return SetIdentityProviderUdPullConfigurationResponse
 */
async function setIdentityProviderUdPullConfigurationWithOptions(request: SetIdentityProviderUdPullConfigurationRequest, runtime: $RuntimeOptions): SetIdentityProviderUdPullConfigurationResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.groupSyncStatus)) {
    query['GroupSyncStatus'] = request.groupSyncStatus;
  }
  if (!$isNull(request.identityProviderId)) {
    query['IdentityProviderId'] = request.identityProviderId;
  }
  if (!$isNull(request.incrementalCallbackStatus)) {
    query['IncrementalCallbackStatus'] = request.incrementalCallbackStatus;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  if (!$isNull(request.ldapUdPullConfig)) {
    query['LdapUdPullConfig'] = request.ldapUdPullConfig;
  }
  if (!$isNull(request.periodicSyncConfig)) {
    query['PeriodicSyncConfig'] = request.periodicSyncConfig;
  }
  if (!$isNull(request.periodicSyncStatus)) {
    query['PeriodicSyncStatus'] = request.periodicSyncStatus;
  }
  if (!$isNull(request.pullProtectedRule)) {
    query['PullProtectedRule'] = request.pullProtectedRule;
  }
  if (!$isNull(request.udSyncScopeConfig)) {
    query['UdSyncScopeConfig'] = request.udSyncScopeConfig;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'SetIdentityProviderUdPullConfiguration',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary 修改IdP同步入配置
 *
 * @param request SetIdentityProviderUdPullConfigurationRequest
 * @return SetIdentityProviderUdPullConfigurationResponse
 */
async function setIdentityProviderUdPullConfiguration(request: SetIdentityProviderUdPullConfigurationRequest): SetIdentityProviderUdPullConfigurationResponse {
  var runtime = new $RuntimeOptions{};
  return setIdentityProviderUdPullConfigurationWithOptions(request, runtime);
}

model SetPasswordComplexityConfigurationRequest {
  instanceId?: string(name='InstanceId', description='The instance ID.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
  passwordComplexityRules?: [ 
    {
      passwordCheckType?: string(name='PasswordCheckType', description='The type of the password check. Valid values:

*   inclusion_upper_case: The password must contain uppercase letters.
*   inclusion_lower_case: The password must contain lowercase letters.
*   inclusion_special_case: The password must contain one or more of the following special characters: @ % + \\\\ / \\\\" ! # $ ^ ? : , ( ) { } [ ] ~ - _ .
*   inclusion_number: The password must contain digits.
*   exclusion_username: The password cannot contain a username.
*   exclusion_email: The password cannot contain an email prefix.
*   exclusion_phone_number: The password cannot contain a mobile number.
*   exclusion_display_name: The password cannot contain a display name.', example='inclusion_upper_case'),
    }
  ](name='PasswordComplexityRules', description='The password complexity rules.'),
  passwordMinLength?: int32(name='PasswordMinLength', description='The minimum number of characters in a password.

This parameter is required.', example='10'),
}

model SetPasswordComplexityConfigurationResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model SetPasswordComplexityConfigurationResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: SetPasswordComplexityConfigurationResponseBody(name='body'),
}

/**
 * @summary Configures a password complexity policy for an Employee Identity and Access Management (EIAM) instance of Identity as a Service (IDaaS).
 *
 * @param request SetPasswordComplexityConfigurationRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return SetPasswordComplexityConfigurationResponse
 */
async function setPasswordComplexityConfigurationWithOptions(request: SetPasswordComplexityConfigurationRequest, runtime: $RuntimeOptions): SetPasswordComplexityConfigurationResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  if (!$isNull(request.passwordComplexityRules)) {
    query['PasswordComplexityRules'] = request.passwordComplexityRules;
  }
  if (!$isNull(request.passwordMinLength)) {
    query['PasswordMinLength'] = request.passwordMinLength;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'SetPasswordComplexityConfiguration',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Configures a password complexity policy for an Employee Identity and Access Management (EIAM) instance of Identity as a Service (IDaaS).
 *
 * @param request SetPasswordComplexityConfigurationRequest
 * @return SetPasswordComplexityConfigurationResponse
 */
async function setPasswordComplexityConfiguration(request: SetPasswordComplexityConfigurationRequest): SetPasswordComplexityConfigurationResponse {
  var runtime = new $RuntimeOptions{};
  return setPasswordComplexityConfigurationWithOptions(request, runtime);
}

model SetPasswordExpirationConfigurationRequest {
  effectiveAuthenticationSourceIds?: [ string ](name='EffectiveAuthenticationSourceIds'),
  instanceId?: string(name='InstanceId', description='The instance ID.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
  passwordExpirationAction?: string(name='PasswordExpirationAction', description='The action to take upon password expiration. This parameter must be specified when PasswordExpirationStatus is set to enabled. Valid values:

*   forbid_login: Users cannot log on to IDaaS.
*   force_update_password: Users must change the password.
*   remind_update_password: IDaaS reminds users to change the password upon each logon.', example='force_update_password'),
  passwordExpirationNotificationChannels?: [ string ](name='PasswordExpirationNotificationChannels', description='The methods for receiving password expiration notifications. This parameter must be specified when PasswordExpirationNotificationStatus is set to enabled.', example='login'),
  passwordExpirationNotificationDuration?: int32(name='PasswordExpirationNotificationDuration', description='The number of days before the expiration date during which password expiration notifications are sent. Unit: day. This parameter must be specified when PasswordExpirationNotificationStatus is set to enabled.', example='7'),
  passwordExpirationNotificationStatus?: string(name='PasswordExpirationNotificationStatus', description='Specifies whether to enable the password expiration notification feature. Valid values:

*   enabled
*   disabled', example='enabled'),
  passwordExpirationStatus?: string(name='PasswordExpirationStatus', description='Specifies whether to enable the password expiration feature. Valid values:

*   enabled
*   disabled

This parameter is required.', example='enabled'),
  passwordForcedUpdateDuration?: int32(name='PasswordForcedUpdateDuration', description='The number of days before which users must change the password to prevent password expiration. Unit: day. You must set this parameter to a value greater than the value of PasswordExpirationNotificationDuration.', example='7'),
  passwordValidMaxDay?: int32(name='PasswordValidMaxDay', description='The validity period of a password. Unit: day. This parameter must be specified when PasswordExpirationStatus is set to enabled.', example='180'),
}

model SetPasswordExpirationConfigurationResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model SetPasswordExpirationConfigurationResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: SetPasswordExpirationConfigurationResponseBody(name='body'),
}

/**
 * @summary Configures a password expiration policy for an Employee Identity and Access Management (EIAM) instance of Identity as a Service (IDaaS).
 *
 * @param request SetPasswordExpirationConfigurationRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return SetPasswordExpirationConfigurationResponse
 */
async function setPasswordExpirationConfigurationWithOptions(request: SetPasswordExpirationConfigurationRequest, runtime: $RuntimeOptions): SetPasswordExpirationConfigurationResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.effectiveAuthenticationSourceIds)) {
    query['EffectiveAuthenticationSourceIds'] = request.effectiveAuthenticationSourceIds;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  if (!$isNull(request.passwordExpirationAction)) {
    query['PasswordExpirationAction'] = request.passwordExpirationAction;
  }
  if (!$isNull(request.passwordExpirationNotificationChannels)) {
    query['PasswordExpirationNotificationChannels'] = request.passwordExpirationNotificationChannels;
  }
  if (!$isNull(request.passwordExpirationNotificationDuration)) {
    query['PasswordExpirationNotificationDuration'] = request.passwordExpirationNotificationDuration;
  }
  if (!$isNull(request.passwordExpirationNotificationStatus)) {
    query['PasswordExpirationNotificationStatus'] = request.passwordExpirationNotificationStatus;
  }
  if (!$isNull(request.passwordExpirationStatus)) {
    query['PasswordExpirationStatus'] = request.passwordExpirationStatus;
  }
  if (!$isNull(request.passwordForcedUpdateDuration)) {
    query['PasswordForcedUpdateDuration'] = request.passwordForcedUpdateDuration;
  }
  if (!$isNull(request.passwordValidMaxDay)) {
    query['PasswordValidMaxDay'] = request.passwordValidMaxDay;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'SetPasswordExpirationConfiguration',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Configures a password expiration policy for an Employee Identity and Access Management (EIAM) instance of Identity as a Service (IDaaS).
 *
 * @param request SetPasswordExpirationConfigurationRequest
 * @return SetPasswordExpirationConfigurationResponse
 */
async function setPasswordExpirationConfiguration(request: SetPasswordExpirationConfigurationRequest): SetPasswordExpirationConfigurationResponse {
  var runtime = new $RuntimeOptions{};
  return setPasswordExpirationConfigurationWithOptions(request, runtime);
}

model SetPasswordHistoryConfigurationRequest {
  instanceId?: string(name='InstanceId', description='The instance ID.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
  passwordHistoryMaxRetention?: int32(name='PasswordHistoryMaxRetention', description='The maximum number of recent passwords that can be retained. This parameter must be specified when PasswordHistoryStatus is set to enabled.', example='3'),
  passwordHistoryStatus?: string(name='PasswordHistoryStatus', description='Specifies whether to enable the password history feature. Valid values:

*   enabled
*   disabled

This parameter is required.', example='enabled'),
}

model SetPasswordHistoryConfigurationResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model SetPasswordHistoryConfigurationResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: SetPasswordHistoryConfigurationResponseBody(name='body'),
}

/**
 * @summary Configures a password history policy for an Employee Identity and Access Management (EIAM) instance of Identity as a Service (IDaaS).
 *
 * @param request SetPasswordHistoryConfigurationRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return SetPasswordHistoryConfigurationResponse
 */
async function setPasswordHistoryConfigurationWithOptions(request: SetPasswordHistoryConfigurationRequest, runtime: $RuntimeOptions): SetPasswordHistoryConfigurationResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  if (!$isNull(request.passwordHistoryMaxRetention)) {
    query['PasswordHistoryMaxRetention'] = request.passwordHistoryMaxRetention;
  }
  if (!$isNull(request.passwordHistoryStatus)) {
    query['PasswordHistoryStatus'] = request.passwordHistoryStatus;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'SetPasswordHistoryConfiguration',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Configures a password history policy for an Employee Identity and Access Management (EIAM) instance of Identity as a Service (IDaaS).
 *
 * @param request SetPasswordHistoryConfigurationRequest
 * @return SetPasswordHistoryConfigurationResponse
 */
async function setPasswordHistoryConfiguration(request: SetPasswordHistoryConfigurationRequest): SetPasswordHistoryConfigurationResponse {
  var runtime = new $RuntimeOptions{};
  return setPasswordHistoryConfigurationWithOptions(request, runtime);
}

model SetPasswordInitializationConfigurationRequest {
  instanceId?: string(name='InstanceId', description='The ID of the instance.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
  passwordForcedUpdateStatus?: string(name='PasswordForcedUpdateStatus', description='Specifies whether to enable forcible password change upon first logon. Valid values:

*   enabled
*   disabled', example='enabled'),
  passwordInitializationNotificationChannels?: [ string ](name='PasswordInitializationNotificationChannels', description='The methods for receiving password initialization notifications.', example='email'),
  passwordInitializationStatus?: string(name='PasswordInitializationStatus', description='Specifies whether to enable password initialization. Valid values:

*   enabled
*   disabled

This parameter is required.', example='enabled'),
  passwordInitializationType?: string(name='PasswordInitializationType', description='The password initialization method. This parameter is required when PasswordInitializationStatus is set to enabled. Set the value to random.

*   random: A randomly generated password is used.', example='random'),
}

model SetPasswordInitializationConfigurationResponseBody = {
  requestId?: string(name='RequestId', description='The ID of the request.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model SetPasswordInitializationConfigurationResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: SetPasswordInitializationConfigurationResponseBody(name='body'),
}

/**
 * @summary Sets the password initialization configurations for an Employee Identity and Access Management (EIAM) instance of Identity as a Service (IDaaS).
 *
 * @param request SetPasswordInitializationConfigurationRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return SetPasswordInitializationConfigurationResponse
 */
async function setPasswordInitializationConfigurationWithOptions(request: SetPasswordInitializationConfigurationRequest, runtime: $RuntimeOptions): SetPasswordInitializationConfigurationResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  if (!$isNull(request.passwordForcedUpdateStatus)) {
    query['PasswordForcedUpdateStatus'] = request.passwordForcedUpdateStatus;
  }
  if (!$isNull(request.passwordInitializationNotificationChannels)) {
    query['PasswordInitializationNotificationChannels'] = request.passwordInitializationNotificationChannels;
  }
  if (!$isNull(request.passwordInitializationStatus)) {
    query['PasswordInitializationStatus'] = request.passwordInitializationStatus;
  }
  if (!$isNull(request.passwordInitializationType)) {
    query['PasswordInitializationType'] = request.passwordInitializationType;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'SetPasswordInitializationConfiguration',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Sets the password initialization configurations for an Employee Identity and Access Management (EIAM) instance of Identity as a Service (IDaaS).
 *
 * @param request SetPasswordInitializationConfigurationRequest
 * @return SetPasswordInitializationConfigurationResponse
 */
async function setPasswordInitializationConfiguration(request: SetPasswordInitializationConfigurationRequest): SetPasswordInitializationConfigurationResponse {
  var runtime = new $RuntimeOptions{};
  return setPasswordInitializationConfigurationWithOptions(request, runtime);
}

model SetUserPrimaryOrganizationalUnitRequest {
  instanceId?: string(name='InstanceId', description='The instance ID.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
  organizationalUnitId?: string(name='OrganizationalUnitId', description='The ID of the new primary organizational unit.

This parameter is required.', example='ou_wovwffm62xifdziem7an7xxxxx'),
  userId?: string(name='UserId', description='The ID of the account.

This parameter is required.', example='user_d6sbsuumeta4h66ec3il7yxxxx'),
}

model SetUserPrimaryOrganizationalUnitResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model SetUserPrimaryOrganizationalUnitResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: SetUserPrimaryOrganizationalUnitResponseBody(name='body'),
}

/**
 * @summary Updates the primary organizational unit to which an Identity as a Service (IDaaS) Employee Identity and Access Management (EIAM) account belongs. This account will be removed from the previous primary organizational unit and added to the new primary organization.
 *
 * @param request SetUserPrimaryOrganizationalUnitRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return SetUserPrimaryOrganizationalUnitResponse
 */
async function setUserPrimaryOrganizationalUnitWithOptions(request: SetUserPrimaryOrganizationalUnitRequest, runtime: $RuntimeOptions): SetUserPrimaryOrganizationalUnitResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  if (!$isNull(request.organizationalUnitId)) {
    query['OrganizationalUnitId'] = request.organizationalUnitId;
  }
  if (!$isNull(request.userId)) {
    query['UserId'] = request.userId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'SetUserPrimaryOrganizationalUnit',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Updates the primary organizational unit to which an Identity as a Service (IDaaS) Employee Identity and Access Management (EIAM) account belongs. This account will be removed from the previous primary organizational unit and added to the new primary organization.
 *
 * @param request SetUserPrimaryOrganizationalUnitRequest
 * @return SetUserPrimaryOrganizationalUnitResponse
 */
async function setUserPrimaryOrganizationalUnit(request: SetUserPrimaryOrganizationalUnitRequest): SetUserPrimaryOrganizationalUnitResponse {
  var runtime = new $RuntimeOptions{};
  return setUserPrimaryOrganizationalUnitWithOptions(request, runtime);
}

model UnlockUserRequest {
  instanceId?: string(name='InstanceId', description='The instance ID.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
  userId?: string(name='UserId', description='The account ID.

This parameter is required.', example='user_d6sbsuumeta4h66ec3il7yxxxx'),
}

model UnlockUserResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model UnlockUserResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: UnlockUserResponseBody(name='body'),
}

/**
 * @summary Unlocks an Employee Identity and Access Management (EIAM) account of Identity as a Service (IDaaS) that is locked.
 *
 * @param request UnlockUserRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return UnlockUserResponse
 */
async function unlockUserWithOptions(request: UnlockUserRequest, runtime: $RuntimeOptions): UnlockUserResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  if (!$isNull(request.userId)) {
    query['UserId'] = request.userId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'UnlockUser',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Unlocks an Employee Identity and Access Management (EIAM) account of Identity as a Service (IDaaS) that is locked.
 *
 * @param request UnlockUserRequest
 * @return UnlockUserResponse
 */
async function unlockUser(request: UnlockUserRequest): UnlockUserResponse {
  var runtime = new $RuntimeOptions{};
  return unlockUserWithOptions(request, runtime);
}

model UpdateApplicationAuthorizationTypeRequest {
  applicationId?: string(name='ApplicationId', description='The ID of the application that you want to modify.

This parameter is required.', example='app_mkv7rgt4d7i4u7zqtzev2mxxxx'),
  authorizationType?: string(name='AuthorizationType', description='The authorization type of the application. Valid values:

*   authorize_required: Only the user with explicit authorization can access the application.
*   default_all: By default, all users can access the application.

This parameter is required.', example='authorize_required'),
  instanceId?: string(name='InstanceId', description='The ID of the instance.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
}

model UpdateApplicationAuthorizationTypeResponseBody = {
  requestId?: string(name='RequestId', description='The ID of the request.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model UpdateApplicationAuthorizationTypeResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: UpdateApplicationAuthorizationTypeResponseBody(name='body'),
}

/**
 * @summary Modifies the authorization type of an Employee Identity and Access Management (EIAM) application.
 *
 * @param request UpdateApplicationAuthorizationTypeRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return UpdateApplicationAuthorizationTypeResponse
 */
async function updateApplicationAuthorizationTypeWithOptions(request: UpdateApplicationAuthorizationTypeRequest, runtime: $RuntimeOptions): UpdateApplicationAuthorizationTypeResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.applicationId)) {
    query['ApplicationId'] = request.applicationId;
  }
  if (!$isNull(request.authorizationType)) {
    query['AuthorizationType'] = request.authorizationType;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'UpdateApplicationAuthorizationType',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Modifies the authorization type of an Employee Identity and Access Management (EIAM) application.
 *
 * @param request UpdateApplicationAuthorizationTypeRequest
 * @return UpdateApplicationAuthorizationTypeResponse
 */
async function updateApplicationAuthorizationType(request: UpdateApplicationAuthorizationTypeRequest): UpdateApplicationAuthorizationTypeResponse {
  var runtime = new $RuntimeOptions{};
  return updateApplicationAuthorizationTypeWithOptions(request, runtime);
}

model UpdateApplicationDescriptionRequest {
  applicationId?: string(name='ApplicationId', description='The ID of the application that you want to modify.

This parameter is required.', example='app_mkv7rgt4d7i4u7zqtzev2mxxxx'),
  description?: string(name='Description', description='The description of the application.', example='A demo application that is used for test.'),
  instanceId?: string(name='InstanceId', description='The ID of the instance.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk2676xxxx'),
}

model UpdateApplicationDescriptionResponseBody = {
  requestId?: string(name='RequestId', description='The ID of the request.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model UpdateApplicationDescriptionResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: UpdateApplicationDescriptionResponseBody(name='body'),
}

/**
 * @summary Modifies the description of an Employee Identity and Access Management (EIAM) application.
 *
 * @param request UpdateApplicationDescriptionRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return UpdateApplicationDescriptionResponse
 */
async function updateApplicationDescriptionWithOptions(request: UpdateApplicationDescriptionRequest, runtime: $RuntimeOptions): UpdateApplicationDescriptionResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.applicationId)) {
    query['ApplicationId'] = request.applicationId;
  }
  if (!$isNull(request.description)) {
    query['Description'] = request.description;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'UpdateApplicationDescription',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Modifies the description of an Employee Identity and Access Management (EIAM) application.
 *
 * @param request UpdateApplicationDescriptionRequest
 * @return UpdateApplicationDescriptionResponse
 */
async function updateApplicationDescription(request: UpdateApplicationDescriptionRequest): UpdateApplicationDescriptionResponse {
  var runtime = new $RuntimeOptions{};
  return updateApplicationDescriptionWithOptions(request, runtime);
}

model UpdateConditionalAccessPolicyRequest {
  conditionalAccessPolicyId?: string(name='ConditionalAccessPolicyId', description='Conditional Access Policy ID

This parameter is required.', example='cap_11111'),
  conditionalAccessPolicyName?: string(name='ConditionalAccessPolicyName', description='Conditional Access Policy Name

This parameter is required.', example='My Policy'),
  conditionsConfig?: {
    applications?: {
      excludeApplications?: [ string ](name='ExcludeApplications', description='Excluded Applications'),
      includeApplications?: [ string ](name='IncludeApplications', description='Included Applications'),
    }(name='Applications', description='Target Applications for the Conditional Access Policy'),
    networkZones?: {
      excludeNetworkZones?: [ string ](name='ExcludeNetworkZones', description='Excluded network zones'),
      includeNetworkZones?: [ string ](name='IncludeNetworkZones', description='Included network zones'),
    }(name='NetworkZones', description='Network zones for conditional access policy'),
    users?: {
      excludeGroups?: [ string ](name='ExcludeGroups', description='Excluded user groups'),
      excludeOrganizationalUnits?: [ string ](name='ExcludeOrganizationalUnits', description='Excluded organizations'),
      excludeUsers?: [ string ](name='ExcludeUsers', description='Excluded Users'),
      includeGroups?: [ string ](name='IncludeGroups', description='Included User Groups'),
      includeOrganizationalUnits?: [ string ](name='IncludeOrganizationalUnits', description='Included organizations'),
      includeUsers?: [ string ](name='IncludeUsers', description='Included Users'),
    }(name='Users', description='Target Users for the Conditional Access Policy'),
  }(name='ConditionsConfig', description='Conditional Access Policy Condition Content Configuration'),
  decisionConfig?: {
    activeSessionReuseStatus?: string(name='ActiveSessionReuseStatus', description='Whether to enable session reuse', example='enabled'),
    effect?: string(name='Effect', description='Conditional Access Policy Decision Action', example='allow'),
    mfaAuthenticationIntervalSeconds?: long(name='MfaAuthenticationIntervalSeconds', description='Conditional Access Policy Re-authentication Interval (seconds)', example='300'),
    mfaAuthenticationMethods?: [ string ](name='MfaAuthenticationMethods', description='Allowed MFA types for the Conditional Access Policy'),
    mfaType?: string(name='MfaType', description='Conditional Access Policy MFA Type', example='directly_access'),
  }(name='DecisionConfig', description='Conditional Access Policy Action Configuration'),
  decisionType?: string(name='DecisionType', description='Conditional Access Policy Execution Type

This parameter is required.', example='enforcement'),
  instanceId?: string(name='InstanceId', description='Instance ID.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
  priority?: int32(name='Priority', description='Priority of the conditional access policy', example='1'),
}

model UpdateConditionalAccessPolicyResponseBody = {
  requestId?: string(name='RequestId', description='Request ID.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model UpdateConditionalAccessPolicyResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: UpdateConditionalAccessPolicyResponseBody(name='body'),
}

/**
 * @summary Update Conditional Access Policy
 *
 * @description Update Conditional Access Policy
 *
 * @param request UpdateConditionalAccessPolicyRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return UpdateConditionalAccessPolicyResponse
 */
async function updateConditionalAccessPolicyWithOptions(request: UpdateConditionalAccessPolicyRequest, runtime: $RuntimeOptions): UpdateConditionalAccessPolicyResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.conditionalAccessPolicyId)) {
    query['ConditionalAccessPolicyId'] = request.conditionalAccessPolicyId;
  }
  if (!$isNull(request.conditionalAccessPolicyName)) {
    query['ConditionalAccessPolicyName'] = request.conditionalAccessPolicyName;
  }
  if (!$isNull(request.conditionsConfig)) {
    query['ConditionsConfig'] = request.conditionsConfig;
  }
  if (!$isNull(request.decisionConfig)) {
    query['DecisionConfig'] = request.decisionConfig;
  }
  if (!$isNull(request.decisionType)) {
    query['DecisionType'] = request.decisionType;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  if (!$isNull(request.priority)) {
    query['Priority'] = request.priority;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'UpdateConditionalAccessPolicy',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Update Conditional Access Policy
 *
 * @description Update Conditional Access Policy
 *
 * @param request UpdateConditionalAccessPolicyRequest
 * @return UpdateConditionalAccessPolicyResponse
 */
async function updateConditionalAccessPolicy(request: UpdateConditionalAccessPolicyRequest): UpdateConditionalAccessPolicyResponse {
  var runtime = new $RuntimeOptions{};
  return updateConditionalAccessPolicyWithOptions(request, runtime);
}

model UpdateConditionalAccessPolicyDescriptionRequest {
  conditionalAccessPolicyId?: string(name='ConditionalAccessPolicyId', description='Conditional Access Policy ID

This parameter is required.', example='cap_11111'),
  description?: string(name='Description', description='Description of the conditional access policy

This parameter is required.', example='Test Description'),
  instanceId?: string(name='InstanceId', description='Instance ID.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
}

model UpdateConditionalAccessPolicyDescriptionResponseBody = {
  requestId?: string(name='RequestId', description='Request ID.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model UpdateConditionalAccessPolicyDescriptionResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: UpdateConditionalAccessPolicyDescriptionResponseBody(name='body'),
}

/**
 * @summary Update Conditional Access Policy Description
 *
 * @description Update Conditional Access Policy Description
 *
 * @param request UpdateConditionalAccessPolicyDescriptionRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return UpdateConditionalAccessPolicyDescriptionResponse
 */
async function updateConditionalAccessPolicyDescriptionWithOptions(request: UpdateConditionalAccessPolicyDescriptionRequest, runtime: $RuntimeOptions): UpdateConditionalAccessPolicyDescriptionResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.conditionalAccessPolicyId)) {
    query['ConditionalAccessPolicyId'] = request.conditionalAccessPolicyId;
  }
  if (!$isNull(request.description)) {
    query['Description'] = request.description;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'UpdateConditionalAccessPolicyDescription',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Update Conditional Access Policy Description
 *
 * @description Update Conditional Access Policy Description
 *
 * @param request UpdateConditionalAccessPolicyDescriptionRequest
 * @return UpdateConditionalAccessPolicyDescriptionResponse
 */
async function updateConditionalAccessPolicyDescription(request: UpdateConditionalAccessPolicyDescriptionRequest): UpdateConditionalAccessPolicyDescriptionResponse {
  var runtime = new $RuntimeOptions{};
  return updateConditionalAccessPolicyDescriptionWithOptions(request, runtime);
}

model UpdateGroupRequest {
  groupExternalId?: string(name='GroupExternalId', description='The external ID of the group.', example='group_d6sbsuumeta4h66ec3il7yxxxx'),
  groupId?: string(name='GroupId', description='The group ID.

This parameter is required.', example='group_d6sbsuumeta4h66ec3il7yxxxx'),
  groupName?: string(name='GroupName', description='The name of the group.', example='name_test'),
  instanceId?: string(name='InstanceId', description='The instance ID.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
}

model UpdateGroupResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model UpdateGroupResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: UpdateGroupResponseBody(name='body'),
}

/**
 * @summary Updates the information about an account group in Identity as a Service (IDaaS) Employee Identity and Access Management (EIAM). If the information is empty, the information is not updated by default.
 *
 * @param request UpdateGroupRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return UpdateGroupResponse
 */
async function updateGroupWithOptions(request: UpdateGroupRequest, runtime: $RuntimeOptions): UpdateGroupResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.groupExternalId)) {
    query['GroupExternalId'] = request.groupExternalId;
  }
  if (!$isNull(request.groupId)) {
    query['GroupId'] = request.groupId;
  }
  if (!$isNull(request.groupName)) {
    query['GroupName'] = request.groupName;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'UpdateGroup',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Updates the information about an account group in Identity as a Service (IDaaS) Employee Identity and Access Management (EIAM). If the information is empty, the information is not updated by default.
 *
 * @param request UpdateGroupRequest
 * @return UpdateGroupResponse
 */
async function updateGroup(request: UpdateGroupRequest): UpdateGroupResponse {
  var runtime = new $RuntimeOptions{};
  return updateGroupWithOptions(request, runtime);
}

model UpdateGroupDescriptionRequest {
  description?: string(name='Description', description='The description of the account group.', example='group_d6sbsuumeta4h66ec3il7yxxxx'),
  groupId?: string(name='GroupId', description='The ID of the account group.

This parameter is required.', example='group_d6sbsuumeta4h66ec3il7yxxxx'),
  instanceId?: string(name='InstanceId', description='The instance ID.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
}

model UpdateGroupDescriptionResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model UpdateGroupDescriptionResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: UpdateGroupDescriptionResponseBody(name='body'),
}

/**
 * @summary Updates the description of an Identity as a Service (IDaaS) Employee Identity and Access Management (EIAM) account group.
 *
 * @param request UpdateGroupDescriptionRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return UpdateGroupDescriptionResponse
 */
async function updateGroupDescriptionWithOptions(request: UpdateGroupDescriptionRequest, runtime: $RuntimeOptions): UpdateGroupDescriptionResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.description)) {
    query['Description'] = request.description;
  }
  if (!$isNull(request.groupId)) {
    query['GroupId'] = request.groupId;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'UpdateGroupDescription',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Updates the description of an Identity as a Service (IDaaS) Employee Identity and Access Management (EIAM) account group.
 *
 * @param request UpdateGroupDescriptionRequest
 * @return UpdateGroupDescriptionResponse
 */
async function updateGroupDescription(request: UpdateGroupDescriptionRequest): UpdateGroupDescriptionResponse {
  var runtime = new $RuntimeOptions{};
  return updateGroupDescriptionWithOptions(request, runtime);
}

model UpdateIdentityProviderRequest {
  dingtalkAppConfig?: {
    appKey?: string(name='AppKey', description='钉钉一方应用的AppKey

This parameter is required.', example='49nyeaqumk7f'),
    appSecret?: string(name='AppSecret', description='钉钉一方应用的AppSecret

This parameter is required.', example='86nozWFL2CxgwnhKiXaG8dN4keLPkUNc5xxxx'),
  }(name='DingtalkAppConfig', description='钉钉出基本信息'),
  identityProviderId?: string(name='IdentityProviderId', description='IDaaS的身份提供方主键id

This parameter is required.', example='idp_my664lwkhpicbyzirog3xxxxx'),
  identityProviderName?: string(name='IdentityProviderName', description='身份提供方名称', example='test'),
  instanceId?: string(name='InstanceId', description='IDaaS EIAM实例的ID。

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
  larkConfig?: {
    appId?: string(name='AppId', example='cli_xxxx'),
    appSecret?: string(name='AppSecret', example='KiiLzh5Dueh4wbLxxxx'),
    encryptKey?: string(name='EncryptKey'),
    verificationToken?: string(name='VerificationToken'),
  }(name='LarkConfig', description='飞书配置'),
  ldapConfig?: {
    administratorPassword?: string(name='AdministratorPassword', description='管理员密码', example='xxxxxx'),
    administratorUsername?: string(name='AdministratorUsername', description='管理员账号', example='DC=example,DC=com'),
    certificateFingerprintStatus?: string(name='CertificateFingerprintStatus', description='是否验证指纹证书', example='enabled'),
    certificateFingerprints?: [ string ](name='CertificateFingerprints', description='证书指纹列表'),
    ldapProtocol?: string(name='LdapProtocol', description='通信协议', example='ldap'),
    ldapServerHost?: string(name='LdapServerHost', description='ad/ldap 服务器地址', example='123.xx.xx.89'),
    ldapServerPort?: int32(name='LdapServerPort', description='端口号', example='636'),
    startTlsStatus?: string(name='StartTlsStatus', description='startTls是否开启', example='enabled'),
  }(name='LdapConfig', description='AD/LDAP基本信息'),
  logoUrl?: string(name='LogoUrl'),
  networkAccessEndpointId?: string(name='NetworkAccessEndpointId', description='网络端点ID', example='nae_examplexxxx'),
  oidcConfig?: {
    authnParam?: {
      authnMethod?: string(name='AuthnMethod', description='OIDC/oAuth2 认证方法。', example='client_secret_post'),
      clientSecret?: string(name='ClientSecret', description='OIDC/oAuth2 客户端密钥。', example='CSEHDddddddxxxxuxkJEHPveWRXBGqVqRsxxxx'),
    }(name='AuthnParam', description='OIDC客户端认证配置。'),
    endpointConfig?: {
      authorizationEndpoint?: string(name='AuthorizationEndpoint', description='oAuth2 授权端点。', example='https://example.com/oauth/authorize'),
      issuer?: string(name='Issuer', description='OIDC issuer信息。', example='https://example.com/oauth'),
      jwksUri?: string(name='JwksUri', description='OIDC jwks地址。', example='https://example.com/oauth/jwks'),
      tokenEndpoint?: string(name='TokenEndpoint', description='oAuth2 Token端点。', example='https://example.com/oauth/token'),
      userinfoEndpoint?: string(name='UserinfoEndpoint', description='OIDC 用户信息端点。', example='https://example.com/oauth/userinfo'),
    }(name='EndpointConfig', description='OIDC 端点配置。'),
    grantScopes?: [ string ](name='GrantScopes', description='OIDC标准参数，如profile、email等', example='openid'),
    grantType?: string(name='GrantType', description='OIDC授权类型。', example='authorization_code'),
    pkceChallengeMethod?: string(name='PkceChallengeMethod', description='支持的PKCE算法类型。', example='S256'),
    pkceRequired?: boolean(name='PkceRequired', description='AuthorizationCode授权模式下是否使用PKCE。', example='true'),
  }(name='OidcConfig', description='OIDC IdP配置。'),
  weComConfig?: {
    agentId?: string(name='AgentId', description='企业微信自建应用的Id', example='1237403'),
    authorizeCallbackDomain?: string(name='AuthorizeCallbackDomain', description='授权回调域', example='https://xxx.aliyunidaas.com/xxxxx'),
    corpSecret?: string(name='CorpSecret', description='企业微信自建应用的corpSecret', example='CSEHDddddddxxxxuxkJEHPveWRXBGqVqRsxxxx'),
    trustableDomain?: string(name='TrustableDomain', description='可信域名', example='https://xxx.aliyunidaas.com'),
  }(name='WeComConfig', description='企业微信基本信息'),
}

model UpdateIdentityProviderResponseBody = {
  requestId?: string(name='RequestId', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model UpdateIdentityProviderResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: UpdateIdentityProviderResponseBody(name='body'),
}

/**
 * @summary 更新idp基础配置
 *
 * @param request UpdateIdentityProviderRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return UpdateIdentityProviderResponse
 */
async function updateIdentityProviderWithOptions(request: UpdateIdentityProviderRequest, runtime: $RuntimeOptions): UpdateIdentityProviderResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.dingtalkAppConfig)) {
    query['DingtalkAppConfig'] = request.dingtalkAppConfig;
  }
  if (!$isNull(request.identityProviderId)) {
    query['IdentityProviderId'] = request.identityProviderId;
  }
  if (!$isNull(request.identityProviderName)) {
    query['IdentityProviderName'] = request.identityProviderName;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  if (!$isNull(request.larkConfig)) {
    query['LarkConfig'] = request.larkConfig;
  }
  if (!$isNull(request.ldapConfig)) {
    query['LdapConfig'] = request.ldapConfig;
  }
  if (!$isNull(request.logoUrl)) {
    query['LogoUrl'] = request.logoUrl;
  }
  if (!$isNull(request.networkAccessEndpointId)) {
    query['NetworkAccessEndpointId'] = request.networkAccessEndpointId;
  }
  if (!$isNull(request.oidcConfig)) {
    query['OidcConfig'] = request.oidcConfig;
  }
  if (!$isNull(request.weComConfig)) {
    query['WeComConfig'] = request.weComConfig;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'UpdateIdentityProvider',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary 更新idp基础配置
 *
 * @param request UpdateIdentityProviderRequest
 * @return UpdateIdentityProviderResponse
 */
async function updateIdentityProvider(request: UpdateIdentityProviderRequest): UpdateIdentityProviderResponse {
  var runtime = new $RuntimeOptions{};
  return updateIdentityProviderWithOptions(request, runtime);
}

model UpdateInstanceDescriptionRequest {
  description?: string(name='Description', description='The new description of the instance.', example='测试实例'),
  instanceId?: string(name='InstanceId', description='The ID of the instance whose description you want to modify.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
}

model UpdateInstanceDescriptionResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model UpdateInstanceDescriptionResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: UpdateInstanceDescriptionResponseBody(name='body'),
}

/**
 * @summary Modifies the description of an Enterprise Identity and Access Management (EIAM) instance of Identity as a Service (IDaaS).
 *
 * @param request UpdateInstanceDescriptionRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return UpdateInstanceDescriptionResponse
 */
async function updateInstanceDescriptionWithOptions(request: UpdateInstanceDescriptionRequest, runtime: $RuntimeOptions): UpdateInstanceDescriptionResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.description)) {
    query['Description'] = request.description;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'UpdateInstanceDescription',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Modifies the description of an Enterprise Identity and Access Management (EIAM) instance of Identity as a Service (IDaaS).
 *
 * @param request UpdateInstanceDescriptionRequest
 * @return UpdateInstanceDescriptionResponse
 */
async function updateInstanceDescription(request: UpdateInstanceDescriptionRequest): UpdateInstanceDescriptionResponse {
  var runtime = new $RuntimeOptions{};
  return updateInstanceDescriptionWithOptions(request, runtime);
}

model UpdateNetworkAccessEndpointNameRequest {
  instanceId?: string(name='InstanceId', description='IDaaS EIAM实例的ID。

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
  networkAccessEndpointId?: string(name='NetworkAccessEndpointId', description='专属网络端点ID。

This parameter is required.', example='nae_examplexxxx'),
  networkAccessEndpointName?: string(name='NetworkAccessEndpointName', description='专属网络端点名称。

This parameter is required.', example='xx业务VPC访问端点'),
}

model UpdateNetworkAccessEndpointNameResponseBody = {
  requestId?: string(name='RequestId', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model UpdateNetworkAccessEndpointNameResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: UpdateNetworkAccessEndpointNameResponseBody(name='body'),
}

/**
 * @summary 更新一个专属网络端点的名称。
 *
 * @param request UpdateNetworkAccessEndpointNameRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return UpdateNetworkAccessEndpointNameResponse
 */
async function updateNetworkAccessEndpointNameWithOptions(request: UpdateNetworkAccessEndpointNameRequest, runtime: $RuntimeOptions): UpdateNetworkAccessEndpointNameResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  if (!$isNull(request.networkAccessEndpointId)) {
    query['NetworkAccessEndpointId'] = request.networkAccessEndpointId;
  }
  if (!$isNull(request.networkAccessEndpointName)) {
    query['NetworkAccessEndpointName'] = request.networkAccessEndpointName;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'UpdateNetworkAccessEndpointName',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary 更新一个专属网络端点的名称。
 *
 * @param request UpdateNetworkAccessEndpointNameRequest
 * @return UpdateNetworkAccessEndpointNameResponse
 */
async function updateNetworkAccessEndpointName(request: UpdateNetworkAccessEndpointNameRequest): UpdateNetworkAccessEndpointNameResponse {
  var runtime = new $RuntimeOptions{};
  return updateNetworkAccessEndpointNameWithOptions(request, runtime);
}

model UpdateOrganizationalUnitRequest {
  instanceId?: string(name='InstanceId', description='The instance ID.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
  organizationalUnitId?: string(name='OrganizationalUnitId', description='The organization ID.

This parameter is required.', example='ou_wovwffm62xifdziem7an7xxxxx'),
  organizationalUnitName?: string(name='OrganizationalUnitName', description='The name of the organization. The name can be up to 128 characters in length and must be unique in the same parent organization.', example='ou_name'),
}

model UpdateOrganizationalUnitResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model UpdateOrganizationalUnitResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: UpdateOrganizationalUnitResponseBody(name='body'),
}

/**
 * @summary Updates the basic information about an Employee Identity and Access Management (EIAM) organization. The basic information about the organization is not updated by default if no parameter is specified.
 *
 * @param request UpdateOrganizationalUnitRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return UpdateOrganizationalUnitResponse
 */
async function updateOrganizationalUnitWithOptions(request: UpdateOrganizationalUnitRequest, runtime: $RuntimeOptions): UpdateOrganizationalUnitResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  if (!$isNull(request.organizationalUnitId)) {
    query['OrganizationalUnitId'] = request.organizationalUnitId;
  }
  if (!$isNull(request.organizationalUnitName)) {
    query['OrganizationalUnitName'] = request.organizationalUnitName;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'UpdateOrganizationalUnit',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Updates the basic information about an Employee Identity and Access Management (EIAM) organization. The basic information about the organization is not updated by default if no parameter is specified.
 *
 * @param request UpdateOrganizationalUnitRequest
 * @return UpdateOrganizationalUnitResponse
 */
async function updateOrganizationalUnit(request: UpdateOrganizationalUnitRequest): UpdateOrganizationalUnitResponse {
  var runtime = new $RuntimeOptions{};
  return updateOrganizationalUnitWithOptions(request, runtime);
}

model UpdateOrganizationalUnitDescriptionRequest {
  description?: string(name='Description', description='The description of the organization. The value can be up to 256 characters in length.', example='organizationalUnit_test'),
  instanceId?: string(name='InstanceId', description='The instance ID.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
  organizationalUnitId?: string(name='OrganizationalUnitId', description='The organization ID.

This parameter is required.', example='ou_wovwffm62xifdziem7an7xxxxx'),
}

model UpdateOrganizationalUnitDescriptionResponseBody = {
  requestId?: string(name='RequestId', description='The ID of the request.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model UpdateOrganizationalUnitDescriptionResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: UpdateOrganizationalUnitDescriptionResponseBody(name='body'),
}

/**
 * @summary Modifies the description of an Employee Identity and Access Management (EIAM) organization.
 *
 * @param request UpdateOrganizationalUnitDescriptionRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return UpdateOrganizationalUnitDescriptionResponse
 */
async function updateOrganizationalUnitDescriptionWithOptions(request: UpdateOrganizationalUnitDescriptionRequest, runtime: $RuntimeOptions): UpdateOrganizationalUnitDescriptionResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.description)) {
    query['Description'] = request.description;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  if (!$isNull(request.organizationalUnitId)) {
    query['OrganizationalUnitId'] = request.organizationalUnitId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'UpdateOrganizationalUnitDescription',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Modifies the description of an Employee Identity and Access Management (EIAM) organization.
 *
 * @param request UpdateOrganizationalUnitDescriptionRequest
 * @return UpdateOrganizationalUnitDescriptionResponse
 */
async function updateOrganizationalUnitDescription(request: UpdateOrganizationalUnitDescriptionRequest): UpdateOrganizationalUnitDescriptionResponse {
  var runtime = new $RuntimeOptions{};
  return updateOrganizationalUnitDescriptionWithOptions(request, runtime);
}

model UpdateOrganizationalUnitParentIdRequest {
  instanceId?: string(name='InstanceId', description='The instance ID.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
  organizationalUnitId?: string(name='OrganizationalUnitId', description='The organization ID.

This parameter is required.', example='ou_wovwffm62xifdziem7an7xxxxx'),
  parentId?: string(name='ParentId', description='The parent organization ID.

This parameter is required.', example='ou_wovwffm62xifdziem7an7xxxxx'),
}

model UpdateOrganizationalUnitParentIdResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model UpdateOrganizationalUnitParentIdResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: UpdateOrganizationalUnitParentIdResponseBody(name='body'),
}

/**
 * @summary Updates the parent organization ID of an organization in Identity as a Service (IDaaS) Employee Identity and Access Management (EIAM). In this case, the organization is moved from a parent node to a new node.
 *
 * @param request UpdateOrganizationalUnitParentIdRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return UpdateOrganizationalUnitParentIdResponse
 */
async function updateOrganizationalUnitParentIdWithOptions(request: UpdateOrganizationalUnitParentIdRequest, runtime: $RuntimeOptions): UpdateOrganizationalUnitParentIdResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  if (!$isNull(request.organizationalUnitId)) {
    query['OrganizationalUnitId'] = request.organizationalUnitId;
  }
  if (!$isNull(request.parentId)) {
    query['ParentId'] = request.parentId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'UpdateOrganizationalUnitParentId',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Updates the parent organization ID of an organization in Identity as a Service (IDaaS) Employee Identity and Access Management (EIAM). In this case, the organization is moved from a parent node to a new node.
 *
 * @param request UpdateOrganizationalUnitParentIdRequest
 * @return UpdateOrganizationalUnitParentIdResponse
 */
async function updateOrganizationalUnitParentId(request: UpdateOrganizationalUnitParentIdRequest): UpdateOrganizationalUnitParentIdResponse {
  var runtime = new $RuntimeOptions{};
  return updateOrganizationalUnitParentIdWithOptions(request, runtime);
}

model UpdateUserRequest {
  customFields?: [ 
    {
      fieldName?: string(name='FieldName', description='The name of the extended field. You must create an extended field before you specify this parameter. To create an extended field, go to the Extended Fields page of the specified EIAM instance in the IDaaS console.', example='nick_name'),
      fieldValue?: string(name='FieldValue', description='The value of the extended field. The value follows the limits on the properties of the extended field.', example='test_value'),
      operation?: string(name='Operation', description='The operation type of the extended field. Valid values:

*   add: adds a value to the extended field of the account.
*   replace: replaces the existing value of the extended field of the account. If the existing value to be replaced does not exist, this operation changes to the add operation.
*   remove: removes a value from the extended field of the account.', example='add'),
    }
  ](name='CustomFields', description='The custom extended fields.'),
  displayName?: string(name='DisplayName', description='The display name of the account. The display name can be up to 64 characters in length.', example='test_name'),
  email?: string(name='Email', description='The email address. The prefix of the email address can contain letters, digits, periods (.), underscores (_), and hyphens (-).', example='example@example.com'),
  emailVerified?: boolean(name='EmailVerified', description='Specifies whether the email address is verified. This parameter must be specified if you specify Email. You can set this parameter to true if you have no special business requirements.', example='true'),
  instanceId?: string(name='InstanceId', description='The instance ID.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
  phoneNumber?: string(name='PhoneNumber', description='The mobile number. The mobile number must be 6 to 15 digits in length.', example='156xxxxxxxxx'),
  phoneNumberVerified?: boolean(name='PhoneNumberVerified', description='Specifies whether the mobile number is verified. This parameter must be specified if you specify PhoneNumber. You can set this parameter to true if you have no special business requirements.', example='true'),
  phoneRegion?: string(name='PhoneRegion', description='The area code of the mobile number. For example, the area code of a mobile number in the Chinese mainland is 86 without 00 or the plus sign (+). This parameter must be specified if you specify PhoneNumber.', example='86'),
  userId?: string(name='UserId', description='The account ID.

This parameter is required.', example='user_d6sbsuumeta4h66ec3il7yxxxx'),
  username?: string(name='Username', description='The name of the account. The name can be up to 64 characters in length. It can contain letters, digits, and the following special characters: _ . @ -', example='username_test'),
}

model UpdateUserResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model UpdateUserResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: UpdateUserResponseBody(name='body'),
}

/**
 * @summary Updates the basic information about an Employee Identity and Access Management (EIAM) account of Identity as a Service (IDaaS).
 *
 * @param request UpdateUserRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return UpdateUserResponse
 */
async function updateUserWithOptions(request: UpdateUserRequest, runtime: $RuntimeOptions): UpdateUserResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.customFields)) {
    query['CustomFields'] = request.customFields;
  }
  if (!$isNull(request.displayName)) {
    query['DisplayName'] = request.displayName;
  }
  if (!$isNull(request.email)) {
    query['Email'] = request.email;
  }
  if (!$isNull(request.emailVerified)) {
    query['EmailVerified'] = request.emailVerified;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  if (!$isNull(request.phoneNumber)) {
    query['PhoneNumber'] = request.phoneNumber;
  }
  if (!$isNull(request.phoneNumberVerified)) {
    query['PhoneNumberVerified'] = request.phoneNumberVerified;
  }
  if (!$isNull(request.phoneRegion)) {
    query['PhoneRegion'] = request.phoneRegion;
  }
  if (!$isNull(request.userId)) {
    query['UserId'] = request.userId;
  }
  if (!$isNull(request.username)) {
    query['Username'] = request.username;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'UpdateUser',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Updates the basic information about an Employee Identity and Access Management (EIAM) account of Identity as a Service (IDaaS).
 *
 * @param request UpdateUserRequest
 * @return UpdateUserResponse
 */
async function updateUser(request: UpdateUserRequest): UpdateUserResponse {
  var runtime = new $RuntimeOptions{};
  return updateUserWithOptions(request, runtime);
}

model UpdateUserDescriptionRequest {
  description?: string(name='Description', description='The description of the account. The value can be up to 256 characters in length.', example='this is a test.'),
  instanceId?: string(name='InstanceId', description='The ID of the instance.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
  userId?: string(name='UserId', description='The ID of the account.

This parameter is required.', example='user_d6sbsuumeta4h66ec3il7yxxxx'),
}

model UpdateUserDescriptionResponseBody = {
  requestId?: string(name='RequestId', description='The ID of the request.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model UpdateUserDescriptionResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: UpdateUserDescriptionResponseBody(name='body'),
}

/**
 * @summary Modifies the description of an Identity as a Service (IDaaS) Employee Identity and Access Management (EIAM) account.
 *
 * @param request UpdateUserDescriptionRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return UpdateUserDescriptionResponse
 */
async function updateUserDescriptionWithOptions(request: UpdateUserDescriptionRequest, runtime: $RuntimeOptions): UpdateUserDescriptionResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.description)) {
    query['Description'] = request.description;
  }
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  if (!$isNull(request.userId)) {
    query['UserId'] = request.userId;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'UpdateUserDescription',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Modifies the description of an Identity as a Service (IDaaS) Employee Identity and Access Management (EIAM) account.
 *
 * @param request UpdateUserDescriptionRequest
 * @return UpdateUserDescriptionResponse
 */
async function updateUserDescription(request: UpdateUserDescriptionRequest): UpdateUserDescriptionResponse {
  var runtime = new $RuntimeOptions{};
  return updateUserDescriptionWithOptions(request, runtime);
}

model UpdateUserPasswordRequest {
  instanceId?: string(name='InstanceId', description='The instance ID.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
  password?: string(name='Password', description='The new password of the account. For more information about the password format, see the "Password Policies" topic.

This parameter is required.', example='123456'),
  passwordForcedUpdateStatus?: string(name='PasswordForcedUpdateStatus', description='Specifies whether to enable forcible password change upon first logon. Default value: disabled. Valid values:

*   enabled
*   disabled', example='enabled'),
  userId?: string(name='UserId', description='The account ID.

This parameter is required.', example='user_d6sbsuumeta4h66ec3il7yxxxx'),
  userNotificationChannels?: [ string ](name='UserNotificationChannels', description='The methods for receiving password notifications.', example='sms'),
}

model UpdateUserPasswordResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='0441BD79-92F3-53AA-8657-F8CE4A2B912A'),
}

model UpdateUserPasswordResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: UpdateUserPasswordResponseBody(name='body'),
}

/**
 * @summary Updates the password information of an Employee Identity and Access Management (EIAM) account of Identity as a Service (IDaaS). The password must meet the requirements of the password policies that are configured in the IDaaS console.
 *
 * @param request UpdateUserPasswordRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return UpdateUserPasswordResponse
 */
async function updateUserPasswordWithOptions(request: UpdateUserPasswordRequest, runtime: $RuntimeOptions): UpdateUserPasswordResponse {
  request.validate();
  var query = {};
  if (!$isNull(request.instanceId)) {
    query['InstanceId'] = request.instanceId;
  }
  if (!$isNull(request.password)) {
    query['Password'] = request.password;
  }
  if (!$isNull(request.passwordForcedUpdateStatus)) {
    query['PasswordForcedUpdateStatus'] = request.passwordForcedUpdateStatus;
  }
  if (!$isNull(request.userId)) {
    query['UserId'] = request.userId;
  }
  if (!$isNull(request.userNotificationChannels)) {
    query['UserNotificationChannels'] = request.userNotificationChannels;
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'UpdateUserPassword',
    version = '2021-12-01',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Updates the password information of an Employee Identity and Access Management (EIAM) account of Identity as a Service (IDaaS). The password must meet the requirements of the password policies that are configured in the IDaaS console.
 *
 * @param request UpdateUserPasswordRequest
 * @return UpdateUserPasswordResponse
 */
async function updateUserPassword(request: UpdateUserPasswordRequest): UpdateUserPasswordResponse {
  var runtime = new $RuntimeOptions{};
  return updateUserPasswordWithOptions(request, runtime);
}

